In-Reply-To: <51C5C22C.4010001@nlebas.net>
References: <51C2BD63.7000901@apache.org> <51C5C22C.4010001@nlebas.net>
Date: Sat, 22 Jun 2013 13:52:03 -0500
Subject: Re: [SECURITY] Frame injection vulnerability in published Javadoc
From: Greg Reddin
To: dev@tiles.apache.org

Thanks, Nicolas.

On Sat, Jun 22, 2013 at 10:26 AM, Nicolas LE BAS wrote:

> Hi all,
>
> Since it is an urgent security matter, I've completed the task and I'm
> asking for approval of the PMC after the deed. Thanks for your
> understanding.
>
> I applied the patch provided by Oracle and published the result
> immediately.
>
> The affected files were:
>
> tiles-showcase/apidocs/index.html
> eval/apidocs/index.html
> 2.0/framework/apidocs/index.html
> 2.0/framework/testapidocs/index.html
> framework/apidocs/index.html
> framework/testapidocs/index.html
> tiles-autotag/apidocs/index.html
> tiles-request/apidocs/index.html
> 2.1/framework/apidocs/index.html
> 2.1/framework/testapidocs/index.html
> 2.2/framework/apidocs/index.html
> 2.2/framework/testapidocs/index.html
>
> Please know that any comments will be considered with attention.
>
> Thanks,
>
> Nick.
>
> -------- Original Message --------
> Subject: [SECURITY] Frame injection vulnerability in published Javadoc
>
> Hi All,
>
> Oracle has announced [1], [2] a frame injection vulnerability in Javadoc
> generated by Java 5, Java 6 and Java 7 before update 22.
>
> [...]
>
> [1] http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html
> [2] http://www.kb.cert.org/vuls/id/225657
>
> Project             Instances
> [...]
> tiles.apache.org    12
> [...]