211105 – security/vuxml: Add entry for java/jakarta-struts

Bug 211105 - security/vuxml: Add entry for java/jakarta-struts

Summary: security/vuxml: Add entry for java/jakarta-struts

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Only Me
Assignee:	Mark Felder

URL:
Keywords:

Depends on:
Blocks:	211099
	Show dependency tree / graph

Reported:	2016-07-14 08:15 UTC by Kubilay Kocak
Modified:	2016-07-16 10:58 UTC (History)
CC List:	3 users (show)

See Also:

Flags:	koobs: merge-quarterly-

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Kubilay Kocak freebsd_committer

2016-07-14 08:15:21 UTC

Add VuXML entry for CVE-2016-3092 reported in bug 211099

Comment 1 commit-hook freebsd_committer

2016-07-15 16:49:12 UTC

A commit references this bug:

Author: feld
Date: Fri Jul 15 16:48:51 UTC 2016
New revision: 418589
URL: https://svnweb.freebsd.org/changeset/ports/418589

Log:
  Document tomcat vulnerability

  PR:		211105
  Security:	CVE-2016-3092

Changes:
  head/security/vuxml/vuln.xml

Comment 2 commit-hook freebsd_committer

2016-07-15 16:55:13 UTC

A commit references this bug:

Author: feld
Date: Fri Jul 15 16:54:28 UTC 2016
New revision: 418590
URL: https://svnweb.freebsd.org/changeset/ports/418590

Log:
  Also add jakara-struts to the vuxml entry for CVE-2016-3092

  PR:		211105

Changes:
  head/security/vuxml/vuln.xml

Comment 3 commit-hook freebsd_committer

2016-07-15 16:56:15 UTC

A commit references this bug:

Author: feld
Date: Fri Jul 15 16:56:01 UTC 2016
New revision: 418591
URL: https://svnweb.freebsd.org/changeset/ports/418591

Log:
  Package name for jakarta-struts is actually apache-struts

  Pointyhat:	me

  PR:		211105

Changes:
  head/security/vuxml/vuln.xml

Comment 4 commit-hook freebsd_committer

2016-07-15 17:14:18 UTC

A commit references this bug:

Author: feld
Date: Fri Jul 15 17:13:53 UTC 2016
New revision: 418592
URL: https://svnweb.freebsd.org/changeset/ports/418592

Log:
  Rename vuxml entry, add new detailed reference as primary.

  This new reference has much more detailed information. It appears even
  the latest version of struts is affected and this may affect many
  products using the Apache Commons FileUpload Utility such as Jenkins,
  Lucene-Solr, etc. Unfortunately it's difficult to identify which version
  of the Apache Commons FileUpload Utility products may have, so this vuxml
  may be expanded as more products are successfully identified.

  PR:		211105
  Security:	CVE-2016-3092

Changes:
  head/security/vuxml/vuln.xml

Comment 5 Kubilay Kocak freebsd_committer

2016-07-16 10:58:04 UTC

Assign to committer that resolved