activemq-dev mailing list archives

From Jean-Baptiste Onofré ...@nanthrax.net>
Subject Re: Fwd: [SECURITY] Frame injection vulnerability in published Javadoc
Date Mon, 24 Jun 2013 10:58:37 GMT

FYI, already addressed this morning ;)

On 06/24/2013 12:57 PM, Charles Moulliard wrote:
> FYI
>
> ---------- Forwarded message ----------
> From: Mark Thomas <markt@apache.org>
> Date: Thu, Jun 20, 2013 at 10:29 AM
> Subject: [SECURITY] Frame injection vulnerability in published Javadoc
> To: committers@apache.org
> Cc: root@apache.org
>
>
> Hi All,
>
> Oracle has announced [1], [2] a frame injection vulnerability in Javadoc
> generated by Java 5, Java 6 and Java 7 before update 22.
>
> The infrastructure team has completed a scan of our current project
> websites and identified over 6000 instances of vulnerable Javadoc
> distributed across most TLPs. The chances are the project(s) you
> contribute to is(are) affected. A list of projects and the number of
> affected Javadoc instances per project is provided at the end of this
> e-mail.
>
> Please take the necessary steps to fix any currently published Javadoc
> and to ensure that any future Javadoc published by your project does not
> contain the vulnerability. The announcement by Oracle includes a link to
> a tool that can be used to fix Javadoc without regeneration.
>
> The infrastructure team is investigating options for preventing the
> publication of vulnerable Javadoc.
>
> The issue is public and may be discussed freely on your project's dev list.
>
> Thanks,
>
> Mark (ASF Infra)
>
>
>
> [1] http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html
> [2] http://www.kb.cert.org/vuls/id/225657
>
> Project                 Instances
> abdera.apache.org       1
> accumulo.apache.org     2
> activemq.apache.org     105
> any23.apache.org        13
> archiva.apache.org      4
> archive.apache.org      13
> aries.apache.org        7
> avro.apache.org         23
> axis.apache.org         5
> beehive.apache.org      16
> bval.apache.org         12
> camel.apache.org        786
> cayenne.apache.org      4
> chemistry.apache.org    6
> click.apache.org        3
> cocoon.apache.org       6
> commons.apache.org      34
> continuum.apache.org    9
> creadur.apache.org      19
> crunch.apache.org       4
> ctakes.apache.org       2
> curator.apache.org      4
> cxf.apache.org          6
> db.apache.org           39
> directory.apache.org    4
> empire-db.apache.org    1
> felix.apache.org        5
> flume.apache.org        5
> geronimo.apache.org     241
> giraph.apache.org       6
> gora.apache.org         3
> hadoop.apache.org       21
> hbase.apache.org        2
> hive.apache.org         4
> hivemind.apache.org     10
> incubator.apache.org    355
> jackrabbit.apache.org   9
> jakarta.apache.org      39
> james.apache.org        53
> jena.apache.org         5
> juddi.apache.org        3
> lenya.apache.org        46
> logging.apache.org      111
> lucene.apache.org       713
> manifoldcf.apache.org   112
> marmotta.apache.org     1
> maven.apache.org        1623
> maventest.apache.org    1178
> mina.apache.org         2
> mrunit.apache.org       3
> myfaces.apache.org      348
> nutch.apache.org        8
> oltu.apache.org         11
> oodt.apache.org         1
> ooo-site.apache.org     1
> oozie.apache.org        10
> openjpa.apache.org      20
> opennlp.apache.org      9
> pdfbox.apache.org       1
> pig.apache.org          7
> pivot.apache.org        1
> poi.apache.org          1
> portals.apache.org      35
> river.apache.org        2
> santuario.apache.org    1
> shale.apache.org        55
> shiro.apache.org        3
> sling.apache.org        2
> sqoop.apache.org        4
> struts.apache.org       190
> subversion.apache.org   3
> synapse.apache.org      1
> syncope.apache.org      2
> tapestry.apache.org     6
> tika.apache.org         9
> tiles.apache.org        12
> turbine.apache.org      100
> tuscany.apache.org      4
> uima.apache.org         12
> velocity.apache.org     41
> whirr.apache.org        2
> wicket.apache.org       3
> wink.apache.org         13
> ws.apache.org           22
> xalan.apache.org        1
> xerces.apache.org       5
> xml.apache.org          1
> xmlbeans.apache.org     3
> zookeeper.apache.org    18
>
>
>
>
>

-- 
Jean-Baptiste Onofré
jbonofre@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com
