Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 3536-1] libstruts1.2-java security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 3536-1] libstruts1.2-java security update


Chronologisch Thread 
    < Chronologisch >      < Thread >
  • From: Sebastien Delafond <seb AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 3536-1] libstruts1.2-java security update
  • Date: Thu, 31 Mar 2016 09:30:26 +0000
  • List-archive: <https://service.piratenpartei.de/pipermail/it-securitynotifies>
  • List-id: Sicherheitsankündigungen <it-securitynotifies.lists.piratenpartei.de>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-return-path: <seb AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Thu, 31 Mar 2016 09:30:48 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <w99DyogCMxG.A.a8D.I5O_WB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3536-1 security AT debian.org
https://www.debian.org/security/ Sebastien Delafond
March 31, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libstruts1.2-java
CVE ID : CVE-2015-0899

It was discovered that libstruts1.2-java, a Java framework for MVC
applications, contains a bug in its multi-page validation code. This
allows input validation to be bypassed, even if MPV is not used
directly.

For the oldstable distribution (wheezy), this problem has been fixed
in version 1.2.9-5+deb7u2.

We recommend that you upgrade your libstruts1.2-java packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCgAGBQJW/O4DAAoJEBC+iYPz1Z1kB2UIAKMa1/9Udlab/7QeTxDdBuW2
tYu4RphjaRc7P7tto+Sznz2rIGT/kEvkRwQvuhsi1lqPfvXLQABjq/hcDlNpWFjB
aqJjEwalipEdOfcwMkyfiWYfPzwyazipgPYsA/h4OpGOoioUcx151RgR8UfEnZDl
eApRg3RP5TsyYevGDbmUjBkCmhcbx8lci9LN7onuQpFY6/AD5C6Od2qwaSuPWwis
KrgfjuzQlvvFrM+2ZY/b8KPAOoPml+k4I4dqQ1aFu0Yu7702Mgwkb6wMP3MfSaRc
8qRxoBR6a+BO/R2fOtdDkI5PcM+B0qQAc3yQol8WF8ouUsN1KHn4DVKjGq8BK2I=
=8rRO
-----END PGP SIGNATURE-----



  • [IT-SecNots] [SECURITY] [DSA 3536-1] libstruts1.2-java security update, Sebastien Delafond, 31.03.2016

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang