Author: alteholz
Date: 2016-06-18 17:42:41 +0000 (Sat, 18 Jun 2016)
New Revision: 42624
Modified: data/CVE/list data/dla-needed.txt Log: taking care of libstruts1.2-java Modified: data/CVE/list =================================================================== --- data/CVE/list 2016-06-18 13:33:59 UTC (rev 42623) +++ data/CVE/list 2016-06-18 17:42:41 UTC (rev 42624) 
@@ -13977,13 +13977,23 @@ CVE-2016-1182 [Improper input validation in Validator] RESERVED - libstruts1.2-java <removed> + [wheezy] - libstruts1.2-java <no-dsa> (basically fixed in CVE-2015-0899) NOTE: https://jvn.jp/en/jp/JVN65044642/ - NOTE: Probably a duplicate of CVE-2015-0899 + NOTE: Two conditions must be met to exploit this vulnerability + NOTE: condition one is already fixed in CVE-2015-0899, so everything is fine + NOTE: condition two can be fixed by the following patch: + NOTE: https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8 + NOTE: but as this completely deactivates multipart requests, this should not be generally applied CVE-2016-1181 [Vulnerability in ActionForm allows unintended remote operations against components on server memory] RESERVED - libstruts1.2-java <removed> + [wheezy] - libstruts1.2-java <no-dsa> (basically fixed in CVE-2015-0899) NOTE: https://jvn.jp/en/jp/JVN03188560/ - NOTE: Probably a duplicate of CVE-2015-0899 + NOTE: Two conditions must be met to exploit this vulnerability + NOTE: condition one is already fixed in CVE-2015-0899, so everything is fine + NOTE: condition two can be fixed by the following patch: + NOTE: https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8 + NOTE: but as this completely deactivates multipart requests, this should not be generally applied CVE-2016-1180 (Cross-site scripting (XSS) vulnerability in the Cyber-Will ...) TODO: check CVE-2016-1179 Modified: data/dla-needed.txt =================================================================== --- data/dla-needed.txt 2016-06-18 13:33:59 UTC (rev 42623) +++ data/dla-needed.txt 2016-06-18 17:42:41 UTC (rev 42624) 
@@ -34,8 +34,6 @@ The JSON/JaF doesn't appear to be present in wheezy but the content-disposition stuff might be. -- -libstruts1.2-java (Thorsten Alteholz) --- mat -- mysql-connector-java
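Review bot: In the data/CVE/list hunk, the NOTE lines added under CVE-2016-1182 and CVE-2016-1181 say "Two conditions must be met to exploit this vulnerability" without naming either condition, so a later reader cannot check that the CVE-2015-0899 fix really covers condition one. Please state both conditions in the NOTE lines, or say explicitly that they are the ones described in the linked JVN advisories. The wording "so everything is fine" and "basically fixed in CVE-2015-0899" should also be replaced with a precise statement of what remains open, because the same block records that the condition-two patch "should not be generally applied", which suggests condition two stays unpatched under the <no-dsa> marking.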
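Review bot: In the data/dla-needed.txt hunk, the removal of "libstruts1.2-java (Thorsten Alteholz)" is explained only by the log message "taking care of libstruts1.2-java", which does not say that the outcome is a <no-dsa> triage rather than an upload. Please make the log message state that the package is dropped from dla-needed.txt because CVE-2016-1181 and CVE-2016-1182 were marked <no-dsa> for wheezy in the same revision, so the two files can be read together from the history.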