Merge jakarta-taglibs-standard 1.1.2-3 (main) from Debian unstable (main)
Bug #1433365 reported by
Artur Rona
on 2015-03-18
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| | jakarta-taglibs-standard (Ubuntu) |
Medium
|
Unassigned | ||
Bug Description
jakarta-
* Team upload.
* Fix CVE-2015-0254 XXE and RCE via XSL extension in JSTL XML tags:
- Introduce new patch: d/patches/
- Adjust source and target JVM parameters to 1.5.
(Closes: #779621).
Related branches
CVE References
| Artur Rona (ari-tczew) wrote : | #1 |
| Artur Rona (ari-tczew) wrote : | #2 |
| Changed in jakarta-taglibs-standard (Ubuntu): | |
| importance: | Undecided → Medium |
| status: | New → Confirmed |
| Launchpad Janitor (janitor) wrote : | #3 |
| Changed in jakarta-taglibs-standard (Ubuntu): | |
| status: | Confirmed → Fix Released |
Mathew Hodson (mathew-hodson)
on 2015-03-31
| information type: | Public → Public Security |
To post a comment you must log in.
This bug was fixed in the package jakarta-
---------------
jakarta-
* Merge from Debian unstable. (LP: #1433365) Remaining changes:
- debian/
+ Transition from servlet 2.5 -> 3.0. (Closes: #780701)
jakarta-
* Team upload.
* Fix CVE-2015-0254 XXE and RCE via XSL extension in JSTL XML tags:
- Introduce new patch: d/patches/
- Adjust source and target JVM parameters to 1.5.
(Closes: #779621).
-- Artur Rona <email address hidden> Wed, 18 Mar 2015 01:11:43 +0100