On Tue, Feb 21, 2012 at 12:53:47AM +0100, Damien Raude-Morvan wrote:
> Hi Moritz,
> Le jeudi 16 février 2012 19:42:09, Damien Raude-Morvan a écrit :
> > On 09/02/2012 21:16, Moritz Mühlenhoff wrote:
> > > There's a new issues, which affects 1.x:
> > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1007
> > From , it seems there is no actual fix for this issue :(
> > I'll contact Struts Security Team on this matter.
> Okay, I got some feedback for Struts Security Team.
> This particular security issue doesn't affect Struts as binary library (ie.
> /usr/share/java/struts-1.2.jar is unaffected) but concern only samples
> as source is /usr/share/doc/libstruts1.2-java/example*
> Do you think we should provide an updated package for squeeze (I think we can
> just drop examples) ?
It's just an example we don't need a DSA. You can fix it through a stable
update for Squeeze, though.
This is the maintainer address of Debian's Java team
debian-j...@lists.debian.org for discussions and questions.