Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits: 83af9505 by Markus Koschany at 2022-10-27T18:34:48+02:00 CVE-2022-41842,libcommons-jxpath-java: Link to proposed upstream changes The upstream discussion is ongoing. They intend to implement either a whitelist or a blacklist. Maven requires jxpath as a build-dependency. We should wait for the outcome of that discussion - - - - - 4c46ba1e by Markus Koschany at 2022-10-27T18:42:12+02:00 Add libcommons-jxpath-java to dla-needed.txt - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -5178,6 +5178,8 @@ CVE-2022-41853 (Those using java.sql.Statement or java.sql.PreparedStatement in CVE-2022-41852 (Those using JXPath to interpret untrusted XPath expressions may be vul ...) - libcommons-jxpath-java <unfixed> NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47133 + NOTE: https://github.com/apache/commons-jxpath/pull/25 + NOTE: https://github.com/apache/commons-jxpath/pull/26 CVE-2022-41851 (A vulnerability has been identified in JTTK (All versions < V11.1.1 ...) NOT-FOR-US: JTTK CVE-2022-41836 (When an 'Attack Signature False Positive Mode' enabled security policy ...) ===================================== data/dla-needed.txt ===================================== 
@@ -98,6 +98,10 @@ kopanocore NOTE: 20220801: Programming language: C++. NOTE: 20220811: Proposed a patch to CVE-2022-26562 (#1016973) -- +libcommons-jxpath-java + NOTE: 20221027: Programming language: Java. + NOTE: 20221027: Maintainer notes: Wait for the outcome of upstream discussion. See CVE-2022-41852 for pull requests. +-- libreoffice NOTE: 20221012: Programming language: C++. -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/257634c3285ad3cb989508e20d4703e596835672...4c46ba1ef93f6027787ca6fba7577590eb6f91f5
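Review bot: in the data/CVE/list hunk, the two NOTE lines added under CVE-2022-41852 are bare pull-request URLs, so a reader of the tracker cannot tell that they are proposed changes still under upstream discussion rather than a fix. Suggest a preceding line such as "NOTE: Proposed upstream changes, discussion ongoing:" ahead of the pull/25 and pull/26 links. The commit subject also names CVE-2022-41842 while the notes land under CVE-2022-41852; the subject should match the entry being edited so the change can be found by CVE id.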
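Review bot: in the data/dla-needed.txt hunk, the maintainer note on libcommons-jxpath-java says to wait for the upstream discussion but leaves out the reason recorded in the commit message, that Maven requires jxpath as a build-dependency. Whoever claims the package reads dla-needed.txt rather than the commit log, so suggest adding a line such as "NOTE: 20221027: Maven requires jxpath as a build-dependency." next to the existing notes.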