Hi,

> - add struts-1.2.9-CVE-2014-0114.patch from Red Hat to fix CVE-2014-0114

http://sources.debian.net/src/libstruts1.2-java/1.2.9-9/debian/patches/struts-1.2.9-CVE-2014-0114.patch

>+ protected static final Pattern CLASS_ACCESS_PATTERN = Pattern
>+ .compile("(.*\\.|^|.*|\\[('|\"))class(\\.|('|\")]|\\[).*",
>+ Pattern.CASE_INSENSITIVE);

It's a very strange regexp. Because we know (P1|.*|P2) == .*, this pattern will match words other than "class", e.g. "fooClass".
I think this patch will cause a regression.

Regards,
Nobuhiro
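
Review bot: in the first group of the pattern on the `.compile(` line, the bare `.*` alternative subsumes `.*\\.`, `^` and `\\[('|\")`, so the prefix before `class` is effectively unanchored and, with `Pattern.CASE_INSENSITIVE`, the expression also covers names that merely contain "class" ahead of `.`, `[`, `']` or `"]`. If the intent is to match `class` only as a whole path segment, drop the `.*` alternative so that `class` has to sit at the start, after a dot, or after `['` / `["`, and add a comment on `CLASS_ACCESS_PATTERN` listing the property names it is meant to match and the ones it must leave alone.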