Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bugzilla DB migration completed. Please report issues to Infra team via email via or IRC
Bug 521736 - dev-java/jcs requires vulnerable version of dev-java/xmlrpc
Summary: dev-java/jcs requires vulnerable version of dev-java/xmlrpc
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Java (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Java team
Depends on: 551992
  Show dependency tree
Reported: 2014-08-30 13:41 UTC by Johann Schmitz (ercpe) (RETIRED)
Modified: 2015-06-15 15:53 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Johann Schmitz (ercpe) (RETIRED) gentoo-dev 2014-08-30 13:41:02 UTC
Even the latest code in SVN ( uses the pre-3 implementation of org.apache.xmlrpc.WebServer.

In dev-java/xmlrpc-3.x the WebServer was moved to org.apache.xmlrpc.webserver and it's public API has changed. Don't know if we can safely drop the "experimental" part from jcs.

Reproducible: Always
Comment 1 Patrice Clement gentoo-dev 2015-06-15 09:55:01 UTC
+  15 Jun 2015; Patrice Clement <> jcs-2.0.ebuild:
+  Update xmlrpc dependency to xmlrpc:3 wrt to bug 521736. Drop ppc.

jcs-2.0 now depends on the new version of xmlrpc.
Comment 2 Patrice Clement gentoo-dev 2015-06-15 15:53:09 UTC
+  15 Jun 2015; Patrice Clement <> -jcs-,
+  -jcs-1.3-r1.ebuild:
+  Remove vulnerable versions. Fix security bug 385811.