| Summary: | java/jakarta-struts: Security vulnerability: input validation bypass (JVN#86448949/CVE-2015-0899) | | |
|---|---|---|---|
| Product: | Ports & Packages | Reporter: | Pedro F. Giffuni <pfg> |
| Component: | Individual Port(s) | Assignee: | Ports Security Team <ports-secteam> |
| Status: | Closed FIXED | | |
| Severity: | Affects Only Me | CC: | feld, junovitch, ports-secteam |
| Priority: | --- | Keywords: | needs-patch, security |
| Version: | Latest | Flags: | koobs: merge-quarterly? |
| Hardware: | Any | | |
| OS: | Any | | |

Description
Pedro F. Giffuni
2016-04-02 02:48:53 UTC
Let's add a couple of security-minded committers to this PR and see if one of them agrees and possibly accomplishes it.

I looked at this previously and ran into a wall. I think I created a vuxml entry but updating the port was non-trivial.

Hi Mark, Pedro is suggesting to mark it restricted and deprecate. I was more thinking of this suggestion rather than resolving the vulnerability (or rather if the resolution isn't known)

Port is unmaintained, security vulnerability, over to ports-secteam

A commit references this bug:

Author: feld
Date: Sat Sep 10 16:40:01 UTC 2016
New revision: 421710
URL: https://svnweb.freebsd.org/changeset/ports/421710

Log:
java/jakarta-struts: Mark deprecated

PR: 208462

Changes:
head/java/jakarta-struts/Makefile

Closing, we have resolved this by marking the port deprecated.