Bug#340583: marked as done (CVE-2005-3745: Cross-Site-Scriping vulnerability)

Thu, 01 Dec 2005 08:04:45 -0800 

Your message dated Thu, 01 Dec 2005 07:47:18 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#340583: fixed in libstruts1.2-java 1.2.8-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 24 Nov 2005 11:03:56 +0000
>From [EMAIL PROTECTED] Thu Nov 24 03:03:56 2005
Return-path: <[EMAIL PROTECTED]>
Received: from inutil.org ([193.22.164.111] 
helo=vserver151.vserver151.serverflex.de)
        by spohr.debian.org with esmtp (Exim 4.50)
        id 1EfEtP-0005oH-S5
        for [EMAIL PROTECTED]; Thu, 24 Nov 2005 03:03:56 -0800
Received: from wlan-client-044.informatik.uni-bremen.de ([134.102.116.45] 
helo=localhost.localdomain)
        by vserver151.vserver151.serverflex.de with esmtpsa 
(TLS-1.0:RSA_AES_256_CBC_SHA:32)
        (Exim 4.50)
        id 1EfEtO-0006hd-FM
        for [EMAIL PROTECTED]; Thu, 24 Nov 2005 12:03:54 +0100
Received: from jmm by localhost.localdomain with local (Exim 4.54)
        id 1EfEtI-0001c4-1N; Thu, 24 Nov 2005 12:03:48 +0100
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Moritz Muehlenhoff <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: CVE-2005-3745: Cross-Site-Scriping vulnerability
X-Mailer: reportbug 3.17
Date: Thu, 24 Nov 2005 12:03:48 +0100
X-Debbugs-Cc: Debian Security Team <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
X-SA-Exim-Connect-IP: 134.102.116.45
X-SA-Exim-Mail-From: [EMAIL PROTECTED]
X-SA-Exim-Scanned: No (on vserver151.vserver151.serverflex.de); SAEximRunCond 
expanded to false
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-11.0 required=4.0 tests=BAYES_00,HAS_PACKAGE,
        X_DEBBUGS_CC autolearn=ham version=2.60-bugs.debian.org_2005_01_02

Package: libstruts1.2-java
Severity: grave
Tags: security
Justification: user security hole

A Cross-Site-Scriping vulnerability has been found in the request handler
for generating error messages. Please see 
http://www.securityfocus.com/archive/1/archive/1/417296/30/0/threaded for
more details.

It's been fixed upstream in 1.2.8.

This has been assigned CVE-2005-3745, please mention it in the changelog
when fixing it.

Cheers,
        Moritz

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-2-686
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)

---------------------------------------
Received: (at 340583-close) by bugs.debian.org; 1 Dec 2005 15:51:25 +0000
>From [EMAIL PROTECTED] Thu Dec 01 07:51:25 2005
Return-path: <[EMAIL PROTECTED]>
Received: from katie by spohr.debian.org with local (Exim 4.50)
        id 1EhqeU-00060G-4n; Thu, 01 Dec 2005 07:47:18 -0800
From: Wolfgang Baer <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.60 $
Subject: Bug#340583: fixed in libstruts1.2-java 1.2.8-1
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Thu, 01 Dec 2005 07:47:18 -0800
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02

Source: libstruts1.2-java
Source-Version: 1.2.8-1

We believe that the bug you reported is fixed in the latest version of
libstruts1.2-java, which is due to be installed in the Debian FTP archive:

libstruts1.2-java_1.2.8-1.diff.gz
  to pool/main/libs/libstruts1.2-java/libstruts1.2-java_1.2.8-1.diff.gz
libstruts1.2-java_1.2.8-1.dsc
  to pool/main/libs/libstruts1.2-java/libstruts1.2-java_1.2.8-1.dsc
libstruts1.2-java_1.2.8-1_all.deb
  to pool/main/libs/libstruts1.2-java/libstruts1.2-java_1.2.8-1_all.deb
libstruts1.2-java_1.2.8.orig.tar.gz
  to pool/main/libs/libstruts1.2-java/libstruts1.2-java_1.2.8.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Wolfgang Baer <[EMAIL PROTECTED]> (supplier of updated libstruts1.2-java 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 29 Nov 2005 13:53:06 +0100
Source: libstruts1.2-java
Binary: libstruts1.2-java
Architecture: source all
Version: 1.2.8-1
Distribution: unstable
Urgency: low
Maintainer: Debian Java Maintainers 
<pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Wolfgang Baer <[EMAIL PROTECTED]>
Description: 
 libstruts1.2-java - Java Framework for MVC web applications
Closes: 340583
Changes: 
 libstruts1.2-java (1.2.8-1) unstable; urgency=low
 .
   * New upstream release
     Fixes a Cross-Site-Scriping vulnerability in the request handler for
     generating error messages, CVE-2005-3745 (closes: #340583)
   * Removed setting of DEB_ANT_COMPILER variable as already preset in kaffe
Files: 
 908ce10eda11d3ebdd20355ae52cb7cc 1067 devel optional 
libstruts1.2-java_1.2.8-1.dsc
 99b90aed5fd29bb06b2b97f70da4b889 5747674 devel optional 
libstruts1.2-java_1.2.8.orig.tar.gz
 27687e9e9b15f6df41d30402ac9fc824 6177 devel optional 
libstruts1.2-java_1.2.8-1.diff.gz
 d10271cacf04fced0c92371e0fb831f8 664352 devel optional 
libstruts1.2-java_1.2.8-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDjxlP4vzFZu62tMIRAnjSAKC4GwUxXHGxH1Um9mwrEHpSuso/RwCgkhPB
jrRtTVWCcLiCnuyDlBOWR7A=
=u5bo
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to