Bug 521736

Summary:	dev-java/jcs requires vulnerable version of dev-java/xmlrpc
Product:	Gentoo Linux	Reporter:	Johann Schmitz (ercpe) (RETIRED) <ercpe>
Component:	[OLD] Java	Assignee:	Java team <java>
Status:	RESOLVED FIXED
Severity:	normal
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---
Bug Depends on:	551992
Bug Blocks:

Description Johann Schmitz (ercpe) (RETIRED) gentoo-dev

2014-08-30 13:41:02 UTC

Even the latest code in SVN (http://svn.apache.org/viewvc/commons/proper/jcs/trunk/src/experimental/org/apache/commons/jcs/auxiliary/lateral/xmlrpc/LateralXMLRPCReceiver.java?view=markup) uses the pre-3 implementation of org.apache.xmlrpc.WebServer.

In dev-java/xmlrpc-3.x the WebServer was moved to org.apache.xmlrpc.webserver and it's public API has changed. Don't know if we can safely drop the "experimental" part from jcs.

Reproducible: Always

Comment 1 Patrice Clement gentoo-dev

2015-06-15 09:55:01 UTC

+  15 Jun 2015; Patrice Clement <monsieurp@gentoo.org> jcs-2.0.ebuild:
+  Update xmlrpc dependency to xmlrpc:3 wrt to bug 521736. Drop ppc.
+

jcs-2.0 now depends on the new version of xmlrpc.

Comment 2 Patrice Clement gentoo-dev

2015-06-15 15:53:09 UTC

+  15 Jun 2015; Patrice Clement <monsieurp@gentoo.org> -jcs-1.2.7.9-r1.ebuild,
+  -jcs-1.3-r1.ebuild:
+  Remove vulnerable versions. Fix security bug 385811.
+