Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bugzilla DB migration completed. Please report issues to Infra team via email via infra@gentoo.org or IRC
Bug 521736 - dev-java/jcs requires vulnerable version of dev-java/xmlrpc
Summary: dev-java/jcs requires vulnerable version of dev-java/xmlrpc
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Java (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Java team
URL:
Whiteboard:
Keywords:
Depends on: 551992
Blocks:
  Show dependency tree
 
Reported: 2014-08-30 13:41 UTC by Johann Schmitz (ercpe) (RETIRED)
Modified: 2015-06-15 15:53 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Johann Schmitz (ercpe) (RETIRED) gentoo-dev 2014-08-30 13:41:02 UTC
Even the latest code in SVN (http://svn.apache.org/viewvc/commons/proper/jcs/trunk/src/experimental/org/apache/commons/jcs/auxiliary/lateral/xmlrpc/LateralXMLRPCReceiver.java?view=markup) uses the pre-3 implementation of org.apache.xmlrpc.WebServer.

In dev-java/xmlrpc-3.x the WebServer was moved to org.apache.xmlrpc.webserver and it's public API has changed. Don't know if we can safely drop the "experimental" part from jcs.

Reproducible: Always
Comment 1 Patrice Clement gentoo-dev 2015-06-15 09:55:01 UTC
+  15 Jun 2015; Patrice Clement <monsieurp@gentoo.org> jcs-2.0.ebuild:
+  Update xmlrpc dependency to xmlrpc:3 wrt to bug 521736. Drop ppc.
+

jcs-2.0 now depends on the new version of xmlrpc.
Comment 2 Patrice Clement gentoo-dev 2015-06-15 15:53:09 UTC
+  15 Jun 2015; Patrice Clement <monsieurp@gentoo.org> -jcs-1.2.7.9-r1.ebuild,
+  -jcs-1.3-r1.ebuild:
+  Remove vulnerable versions. Fix security bug 385811.
+