lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <E1alYvq-0007ZD-Pw@seger.debian.org>
Date: Thu, 31 Mar 2016 09:30:26 +0000
From: Sebastien Delafond <seb@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 3536-1] libstruts1.2-java security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3536-1                   security@...ian.org
https://www.debian.org/security/                       Sebastien Delafond
March 31, 2016                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libstruts1.2-java
CVE ID         : CVE-2015-0899

It was discovered that libstruts1.2-java, a Java framework for MVC
applications, contains a bug in its multi-page validation code. This
allows input validation to be bypassed, even if MPV is not used
directly.

For the oldstable distribution (wheezy), this problem has been fixed
in version 1.2.9-5+deb7u2.

We recommend that you upgrade your libstruts1.2-java packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCgAGBQJW/O4DAAoJEBC+iYPz1Z1kB2UIAKMa1/9Udlab/7QeTxDdBuW2
tYu4RphjaRc7P7tto+Sznz2rIGT/kEvkRwQvuhsi1lqPfvXLQABjq/hcDlNpWFjB
aqJjEwalipEdOfcwMkyfiWYfPzwyazipgPYsA/h4OpGOoioUcx151RgR8UfEnZDl
eApRg3RP5TsyYevGDbmUjBkCmhcbx8lci9LN7onuQpFY6/AD5C6Od2qwaSuPWwis
KrgfjuzQlvvFrM+2ZY/b8KPAOoPml+k4I4dqQ1aFu0Yu7702Mgwkb6wMP3MfSaRc
8qRxoBR6a+BO/R2fOtdDkI5PcM+B0qQAc3yQol8WF8ouUsN1KHn4DVKjGq8BK2I=
=8rRO
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ