Gentoo Full Text Bug Listing

Bug 128251 - dev-java/struts several issues (CVE-2006-154{6|7|8})

Bug#: 128251	Product: Gentoo Security	Version: unspecified	Platform: All
OS/Version: Linux	Status: RESOLVED	Severity: normal	Priority: P2
Resolution: FIXED	Assigned To: security@gentoo.org	Reported By: jaervosz@gentoo.org
Component: Vulnerabilities
URL: http://struts.apache.org/struts-doc-1.2.9/userGuide/release-notes.html
Summary: dev-java/struts several issues (CVE-2006-154{6\|7\|8})
Keywords:
Status Whiteboard: ~3 [noglsa] dizzutch
Opened: 2006-03-31 06:57 0000

Description:

Opened: 2006-03-31 06:57 0000

Bug 38374 - Validation always skipped with Globals.CANCEL_KEY.
Bug 38534 - DOS attack, application hack.
Bug 38749 - XSS vulnerability in LookupDispatchAction.

------- Comment #1 From Jule Slootbeek 2006-03-31 07:09:52 0000 -------

1.2.9 is available for download @ http://struts.apache.org/download.cgi

------- Comment #2 From Sune Kloppenborg Jeppesen 2006-03-31 07:33:53 0000 -------

Java please advise and provide an updated ebuild as necessary.

------- Comment #3 From Josh Nichols (RETIRED) 2006-03-31 10:33:34 0000 -------

karltk did the 1.2.9 bump earlier today.

------- Comment #4 From Sune Kloppenborg Jeppesen 2006-03-31 22:30:41 0000 -------

Struts appears to never have been stable -> closing with NO GLSA.