From ${URL} :

Multiple path traversal flaws were found in Mojarra JSF2 implementation for identifying resources by name or from libraries. An unauthenticated remote attacker can use these flaws to gather otherwise undisclosed information from within an application's root.

References:
[1] http://security.coverity.com/advisory/2013/Oct/two-path-traversal-defects-in-oracles-jsf2-implementation.html
[2] http://www.kb.cert.org/vuls/id/526012
[3] http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
[4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3827

Affects: 2.0 - 2.1.18
Fixed In: 2.1.19

Upstream Fix commit:
https://java.net/projects/mojarra/sources/svn/revision/11603
https://java.net/projects/mojarra/sources/svn/revision/11606

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
(In reply to Agostino Sarubbo from comment #0)
>
> Affects: 2.0 - 2.1.18
> Fixed In: 2.1.19
>

None of the affected versions was ever in tree. Marking as INVALID. Thanks anyway.