Author: apo
Date: 2017-09-22 23:16:33 +0000 (Fri, 22 Sep 2017)
New Revision: 56036
Modified:
data/CVE/list
Log:
libstruts1.2-java,CVE-2016-6795,CVE-2016-8738: end-of-life for Wheezy
Ignore open security issues for libstruts1.2-java and mark them EOL because
this package is used
by nobody and it's probably a waste of time to maintain it any more.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-09-22 21:17:04 UTC (rev 56035)
+++ data/CVE/list 2017-09-22 23:16:33 UTC (rev 56036)
@@ -44027,6 +44027,7 @@
NOT-FOR-US: Apache CXF
CVE-2016-8738 (In Apache Struts 2.5 through 2.5.5, if an application allows
entering ...)
- libstruts1.2-java <removed>
+ [wheezy] - libstruts1.2-java <end-of-life> (no longer supported)
NOTE: https://struts.apache.org/docs/s2-044.html
CVE-2016-8737 (In Apache Brooklyn before 0.10.0, the REST server is vulnerable
to ...)
NOT-FOR-US: Apache Brooklyn
@@ -50345,6 +50346,7 @@
NOTE: Fixed by:
https://svn.apache.org/viewvc?view=revision&revision=1758496 (6.0.x)
CVE-2016-6795 (In the Convention plugin in Apache Struts 2.3.20 through
2.3.30, it is ...)
- libstruts1.2-java <removed>
+ [wheezy] - libstruts1.2-java <end-of-life> (no longer supported)
NOTE: https://struts.apache.org/docs/s2-042.html
CVE-2016-6794 (When a SecurityManager is configured, a web application's
ability to ...)
{DSA-3721-1 DSA-3720-1 DLA-729-1 DLA-728-1}
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
