On Tue, Feb 21, 2012 at 12:53:47AM +0100, Damien Raude-Morvan wrote:
> Hi Moritz,
>
> Le jeudi 16 février 2012 19:42:09, Damien Raude-Morvan a écrit :
> > On 09/02/2012 21:16, Moritz Mühlenhoff wrote:
> > > There's a new issues, which affects 1.x:
> > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1007
> >
> > From [1], it seems there is no actual fix for this issue :(
> > I'll contact Struts Security Team on this matter.
>
> Okay, I got some feedback for Struts Security Team.
>
> This particular security issue doesn't affect Struts as binary library (ie.
> /usr/share/java/struts-1.2.jar is unaffected) but concern only samples
> provided
> as source is /usr/share/doc/libstruts1.2-java/example*
>
> Do you think we should provide an updated package for squeeze (I think we can
> just drop examples) ?
It's just an example we don't need a DSA. You can fix it through a stable
update for Squeeze, though.
Cheers,
Moritz
__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
Please use
[email protected] for discussions and questions.
