Your message dated Wed, 16 Sep 2020 13:18:36 +0000
with message-id <[email protected]>
and subject line Bug#958055: fixed in dom4j 2.1.3-1
has caused the Debian Bug report #958055,
regarding dom4j: CVE-2020-10683: XML External Entity vulnerability in default
SAX parser
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
958055: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=958055
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: dom4j
Version: 2.1.1-2
Severity: important
Tags: security upstream
Hi,
The following vulnerability was published for dom4j.
CVE-2020-10683[0]:
XML External Entity vulnerability in default SAX parser
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-10683
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10683
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1694235
[2] https://github.com/dom4j/dom4j/commit/a822852 (Patch)
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: dom4j
Source-Version: 2.1.3-1
Done: Emmanuel Bourg <[email protected]>
We believe that the bug you reported is fixed in the latest version of
dom4j, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Emmanuel Bourg <[email protected]> (supplier of updated dom4j package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 16 Sep 2020 15:03:01 +0200
Source: dom4j
Architecture: source
Version: 2.1.3-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers <[email protected]>
Changed-By: Emmanuel Bourg <[email protected]>
Closes: 958055
Changes:
 dom4j (2.1.3-1) unstable; urgency=medium
 .
   * New upstream release
     - Fixes CVE-2020-10683: XML External Entity vulnerability in the default
       SAX parser (Closes: #958055)
     - Refreshed the patches
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
Please use
[email protected] for discussions and questions.