| Summary: | <dev-util/eclipse-sdk-3.6.2: multiple XSS vulnerabilities (CVE-2010-4647) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Paweł Hajdan, Jr. (RETIRED) <phajdan.jr> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | bugsgentoo, java, kripton |
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4647 | ||
| Whiteboard: | B4? [noglsa] | ||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 325271 | ||
| Bug Blocks: | |||
|
Description
Paweł Hajdan, Jr. (RETIRED)
2011-01-14 07:20:24 UTC
I found a working copy of the 3.6.2 ebuild in the belak overlay: https://bitbucket.org/belak/belak.gentoo you might want to have a look at it. CVE-2010-4647 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4647): Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) help/index.jsp or (2) help/advanced/content.jsp. @maintainers: can we clean <eclipse*-3.6.2? This would leave us with the 3.7 and 4.2 branches. Will clean in 30 days if no response is given. All dev-util/eclipse-sdk versions are hardmasked in tree. Closing bug noglsa. equery list -p eclipse-sdk dev-util/eclipse-sdk-3.5.1-r1:3.5 man, this is years old. Yet another orphaned package? (In reply to genbug from comment #5) > man, this is years old. Yet another orphaned package? It's one of the hardest of all Java packages to build. Are you going to maintain it? |
