Bug#677194: CVE-2012-2672

2012-06-15 Thread Miguel Landaeta
tags 677194 + moreinfo
severity 677194 important
thanks

On Tue, Jun 12, 2012 at 10:39:02AM +0200, Moritz Muehlenhoff wrote:
 Package: mojarra
 Severity: grave
 Tags: security
 
 Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2672
 
 I'm not sure if Debian is affected, please verify.

Hi,

I'm unable to reproduce this bug with mojarra under tomcat7. I didn't try
with tomcat6, jetty6 or jetty8.

However, in the bugtracker somebody commented this only affects EAP6/AS7
application servers and those ones are not available in Debian.

Cheers,

-- 
Miguel Landaeta, miguel at miguel.cc
secure email with PGP 0x6E608B637D8967E9 available at http://keyserver.pgp.com/
Faith means not wanting to know what is true. -- Nietzsche


signature.asc
Description: Digital signature
__
This is the maintainer address of Debian's Java team
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#677194: CVE-2012-2672

2012-06-12 Thread Moritz Muehlenhoff
Package: mojarra
Severity: grave
Tags: security

Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2672

I'm not sure if Debian is affected, please verify.

Cheers,
Moritz



__
This is the maintainer address of Debian's Java team
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. 
Please use
debian-j...@lists.debian.org for discussions and questions.