Hi Moritz, > There was another report for a Struts security issue: > CVE-2012-1592: > http://seclists.org/bugtraq/2012/Mar/110 > > Can you please contact upstream, whether this needs to be fixed in > our Struts 1.2?
Struts 1.x is not affected by this issue (there is no XSLTResult file or similar mecanism). BTW, Red Hat also flaged their struts 1.x package as Not Vulnerable. Cheers, -- Damien __ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use [email protected] for discussions and questions.
