Debian-LTS alert DLA-292-1 (libstruts1.2-java)

From:
    	     
 
Thorsten Alteholz <debian@alteholz.de> 
To:
    	     
 
debian-lts-announce@lists.debian.org 
Subject:
    	     
 
[SECURITY] [DLA 292-1] libstruts1.2-java security update 
Date:
    	     
 
Mon, 17 Aug 2015 19:41:56 +0200 (CEST)
Message-ID:
    	     
 
<alpine.DEB.2.02.1508171940570.27496@jupiter.server.alteholz.net>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : libstruts1.2-java
Version        : 1.2.9-4+deb6u2
CVE ID         : CVE-2014-0899

The Validator in Apache Struts 1.1 and later contains a function to
efficiently define rules for input validation across multiple pages during
screen transitions. This function contains a vulnerability where input
validation may be bypassed. When the Apache Struts 1 Validator is used,
the web application may be vulnerable even when this function is not used
explicitly.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ8BAEBCgBmBQJV0hzkXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHAO8P/irSdFTPvdm1IqBvEING5hLy
ajHl+YrNAwqF28dT6IwWOBh03DbmNqiJLmQZMzNwYYkXH0aap6CAOAmVOATTD87M
S/4d1Ed1eBZbjrqm8D3hzpATG0+P2jZLY4YI3p1Fzp5IY0fLTnIIKs4dvQP1bEE8
CVMNXfjdSsdCQxYxBho6YdjxlXS75eq5DsNsP5T/SUdfO9CiQiyeKP34YE1uHpK/
InLSRT7bpeT04/5Ervqa4ANFNtxvnZDeiIpYKgVGZyhm40T57qwKIWbWk+R/D7KP
d6PjOb2I3pOHAp5zPvUpFrw+BqquU+tPn9P0yjgr4VRKRtN02QyLQt4jlVKGuY7W
uRqNpwZPjyKl0UTQ82ob+wbqRjYZMuQ8n0Nl3H8TO7QWlv8N3uL5NeR1VTDfFrbr
A5/u+HqDikQ7CSHXgYaQ39ZhlYHwN+Q81AFW2qrJFP6GUCjove4Z+fnTZ2ZvpR8v
hanvxvJ0TxDaszJzEMi3XigeqUYCzUycb3GH2CViOjpPC4dD42EOkx9j2eQIc/1E
5He6zV8C/LtU8MLgyww3lUNa8LV9nkkgbrch/hcA4Y6A8zILaWoW9R0aW18+nqj0
xl5cIlt1Lkm+fvOSi22TZ4QCZS+5CNoLRVyf6kBP1bli0CAojwtqFS4EJRCOigub
hSKyswdoluQhT+UbidRp
=2Cj+
-----END PGP SIGNATURE-----