Hi Moritz, > There was another report for a Struts security issue: > CVE-2012-1592: > http://seclists.org/bugtraq/2012/Mar/110 > > Can you please contact upstream, whether this needs to be fixed in > our Struts 1.2?
Struts 1.x is not affected by this issue (there is no XSLTResult file or similar mecanism). BTW, Red Hat also flaged their struts 1.x package as Not Vulnerable. Cheers, -- Damien -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
