Bug#657870: Multiple issues in Struts

2012-01-29 Thread Moritz Muehlenhoff
Package: libstruts1.2-java Severity: grave Tags: security Hi, several vulnerabilities have been reported against Struts: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0391 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0392 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0

Bug#657870: Multiple issues in Struts

2012-02-01 Thread tony mancill
On 01/29/2012 06:05 AM, Moritz Muehlenhoff wrote: > Package: libstruts1.2-java > Severity: grave > Tags: security > > Hi, > several vulnerabilities have been reported against Struts: > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0391 > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CV

Bug#657870: Multiple issues in Struts

2012-02-09 Thread Moritz Mühlenhoff
On Wed, Feb 01, 2012 at 10:46:51PM -0800, tony mancill wrote: > On 01/29/2012 06:05 AM, Moritz Muehlenhoff wrote: > > Package: libstruts1.2-java > > Severity: grave > > Tags: security > > > > Hi, > > several vulnerabilities have been reported against Struts: > > > > http://cve.mitre.org/cgi-bin/c

Bug#657870: Multiple issues in Struts

2012-02-16 Thread Damien Raude-Morvan
Hi Moritz, On 09/02/2012 21:16, Moritz Mühlenhoff wrote: There's a new issues, which affects 1.x: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1007 From [1], it seems there is no actual fix for this issue :( I'll contact Struts Security Team on this matter. [1] http://secpod.org/a

Bug#657870: Multiple issues in Struts

2012-02-20 Thread Damien Raude-Morvan
Hi Moritz, Le jeudi 16 février 2012 19:42:09, Damien Raude-Morvan a écrit : > On 09/02/2012 21:16, Moritz Mühlenhoff wrote: > > There's a new issues, which affects 1.x: > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1007 > > From [1], it seems there is no actual fix for this issue :(

Bug#657870: Multiple issues in Struts

2012-02-21 Thread Moritz Mühlenhoff
On Tue, Feb 21, 2012 at 12:53:47AM +0100, Damien Raude-Morvan wrote: > Hi Moritz, > > Le jeudi 16 février 2012 19:42:09, Damien Raude-Morvan a écrit : > > On 09/02/2012 21:16, Moritz Mühlenhoff wrote: > > > There's a new issues, which affects 1.x: > > > http://cve.mitre.org/cgi-bin/cvename.cgi?nam

Bug#657870: Multiple issues in Struts

2012-04-05 Thread Moritz Muehlenhoff
There was another report for a Struts security issue: CVE-2012-1592: http://seclists.org/bugtraq/2012/Mar/110 Can you please contact upstream, whether this needs to be fixed in our Struts 1.2? Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a s

Bug#657870: Multiple issues in Struts

2012-05-01 Thread Damien Raude-Morvan
Hi Moritz, > There was another report for a Struts security issue: > CVE-2012-1592: > http://seclists.org/bugtraq/2012/Mar/110 > > Can you please contact upstream, whether this needs to be fixed in > our Struts 1.2? Struts 1.x is not affected by this issue (there is no XSLTResult file or simila