Package: jakarta-taglibs-standard | Debian Sources

Package: jakarta-taglibs-standard / 1.1.2-3

Metadata

Package	Version	Patches format
jakarta-taglibs-standard	1.1.2-3	3.0 (quilt)

Patch series

view the series file

Patch	File delta	Description
01_fix_build.diff \| (download)	standard/src/org/apache/taglibs/standard/lang/jstl/test/PageContextImpl.java \| 3 3 + 0 - 0 ! standard/src/org/apache/taglibs/standard/tag/common/sql/DataSourceWrapper.java \| 13 13 + 0 - 0 ! 2 files changed, 16 insertions(+)	added method stubs to fix compilation against servlet-api-2.5.
java7 compat.patch \| (download)	standard/src/org/apache/taglibs/standard/tag/common/sql/DataSourceWrapper.java \| 9 9 + 0 - 0 ! 1 file changed, 9 insertions(+)	---
CVE 2015 0254.patch \| (download)	standard/src/javax/servlet/jsp/jstl/tlv/ParserUtil.java \| 86 86 + 0 - 0 ! standard/src/javax/servlet/jsp/jstl/tlv/PermittedTaglibsTLV.java \| 9 3 + 6 - 0 ! standard/src/javax/servlet/jsp/jstl/tlv/ScriptFreeTLV.java \| 38 12 + 26 - 0 ! standard/src/org/apache/taglibs/standard/tag/common/core/ImportSupport.java \| 52 2 + 50 - 0 ! standard/src/org/apache/taglibs/standard/tag/common/core/RedirectSupport.java \| 27 15 + 12 - 0 ! standard/src/org/apache/taglibs/standard/tag/common/core/UrlSupport.java \| 42 23 + 19 - 0 ! standard/src/org/apache/taglibs/standard/tag/common/xml/JSTLVariableStack.java \| 132 132 + 0 - 0 ! standard/src/org/apache/taglibs/standard/tag/common/xml/ParseSupport.java \| 245 63 + 182 - 0 ! standard/src/org/apache/taglibs/standard/tag/common/xml/TransformSupport.java \| 375 123 + 252 - 0 ! standard/src/org/apache/taglibs/standard/tag/common/xml/XalanUtil.java \| 90 90 + 0 - 0 ! standard/src/org/apache/taglibs/standard/tag/common/xml/XmlUtil.java \| 279 279 + 0 - 0 ! standard/src/org/apache/taglibs/standard/tlv/JstlBaseTLV.java \| 27 17 + 10 - 0 ! standard/src/org/apache/taglibs/standard/util/UnclosableWriter.java \| 44 44 + 0 - 0 ! standard/src/org/apache/taglibs/standard/util/UrlUtil.java \| 80 80 + 0 - 0 ! standard/src/org/apache/taglibs/standard/util/XmlUtil.java \| 345 345 + 0 - 0 ! 15 files changed, 1314 insertions(+), 557 deletions(-)	fix cve-2015-0254 xxe and rce via xsl extension in jstl xml tags When an application uses <x:parse> or <x:transform> tags to process untrusted XML documents, a request may utilize external entity references to access resources on the host system or utilize XSLT extensions that may allow remote execution. For more information, just go to: http://www.securityfocus.com/archive/1/534772.

1