Your message dated Mon, 10 Dec 2007 17:13:51 +0100
with message-id <[EMAIL PROTECTED]>
and subject line vulnerable code not present
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: libslide-webdavclient-java
Version: 2.1+dfsg-1
Severity: important
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for libslide-webdavclient-java.
CVE-2007-5731[0]:
| Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and
| earlier allows remote authenticated users to read arbitrary files via
| a WebDAV write request that specifies an entity with a SYSTEM tag, a
| related issue to CVE-2007-5461.
If you fix this vulnerability please also include the CVE id
in your changelog entry.
This can only be exploited by authenticated attackers.
For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5731
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
pgp6ArLdqH5FY.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---
Hi
Closing this bug, as the problem is in the server part and not in the client
part. The server part is not packaged for debian.
Cheers
Steffen
--- End Message ---
_______________________________________________
pkg-java-maintainers mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/pkg-java-maintainers
