1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 3536-1] libstruts1.2-java security update

    From Sebastien Delafond@1:229/2 to All on Thu Mar 31 11:40:02 2016
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-3536-1 [email protected] https://www.debian.org/security/ Sebastien Delafond
    March 31, 2016 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : libstruts1.2-java
    CVE ID : CVE-2015-0899

    It was discovered that libstruts1.2-java, a Java framework for MVC applications, contains a bug in its multi-page validation code. This
    allows input validation to be bypassed, even if MPV is not used
    directly.

    For the oldstable distribution (wheezy), this problem has been fixed
    in version 1.2.9-5+deb7u2.

    We recommend that you upgrade your libstruts1.2-java packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v2

    iQEcBAEBCgAGBQJW/O4DAAoJEBC+iYPz1Z1kB2UIAKMa1/9Udlab/7QeTxDdBuW2 tYu4RphjaRc7P7tto+Sznz2rIGT/kEvkRwQvuhsi1lqPfvXLQABjq/hcDlNpWFjB aqJjEwalipEdOfcwMkyfiWYfPzwyazipgPYsA/h4OpGOoioUcx151RgR8UfEnZDl eApRg3RP5TsyYevGDbmUjBkCmhcbx8lci9LN7onuQpFY6/AD5C6Od2qwaSuPWwis KrgfjuzQlvvFrM+2ZY/b8KPAOoPml+k4I4dqQ1aFu0Yu7702Mgwkb6wMP3MfSaRc 8qRxoBR6a+BO/R2fOtdDkI5PcM+B0qQAc3yQol8WF8ouUsN1KHn4DVKjGq8BK2I=
    =8rRO
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)