Source: libjson-java
Version: 2.4-3.1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libjson-java.
CVE-2024-47855[0]:
| util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an
| unbalanced
Source: libapache-mod-jk
Version: 1:1.2.49-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libapache-mod-jk.
CVE-2024-46544[0]:
| Incorrect Default Permissions vulnerability in Apache Tomcat
|
Source: dnsjava
Version: 2.1.8-2
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for dnsjava.
CVE-2023-50868[0]:
| The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155
| when RFC 9276 guida
Source: dnsjava
Version: 2.1.8-2
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for dnsjava.
CVE-2023-50387[0]:
| Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035,
| 6840, and related
Source: dnsjava
Version: 2.1.8-2
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for dnsjava.
CVE-2024-25638[0]:
| dnsjava is an implementation of DNS in Java. Records in DNS replies
| are not checked fo
Source: netty
Version: 1:4.1.48-9
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for netty.
CVE-2024-29025[0]:
| Netty is an asynchronous event-driven network application framework
| for rapid devel
Source: commons-configuration2
Version: 2.8.0-2
Severity: important
Tags: security upstream
Forwarded: https://issues.apache.org/jira/browse/CONFIGURATION-841
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for commons-configuration2.
CVE-2024
Source: commons-configuration2
Version: 2.8.0-2
Severity: important
Tags: security upstream
Forwarded: https://issues.apache.org/jira/browse/CONFIGURATION-840
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for commons-configuration2.
CVE-2024
Source: zookeeper
Version: 3.9.1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for zookeeper.
CVE-2024-23944[0]:
| Information disclosure in persistent watchers handling in Apache
| ZooKeeper due
Source: tomcat10
Version: 10.1.16-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for tomcat10.
CVE-2024-23672[0]:
| Denial of Service via incomplete cleanup vulnerability in Apache
| Tomcat. It wa
Source: tomcat10
Version: 10.1.16-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for tomcat10.
CVE-2024-24549[0]:
| Denial of Service due to improper input validation vulnerability for
| HTTP/2 re
Source: jboss-xnio
Version: 3.8.10-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for jboss-xnio.
CVE-2023-5685[0]:
| StackOverflowException when the chain of notifier states becomes
| problematic
Source: jetty9
Version: 9.4.53-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/jetty/jetty.project/issues/11256
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for jetty9.
CVE-2024-22201[0]:
| Jetty is a Java based
Source: libcommons-compress-java
Version: 1.25.0-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 1.22-1
Hi,
The following vulnerability was published for libcommons-compress-java.
CVE-2024-26308[0]:
| Allocation of Resources
Source: libcommons-compress-java
Version: 1.25.0-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 1.22-1
Control: found -1 1.20-1
Hi,
The following vulnerability was published for libcommons-compress-java.
CVE-2024-25710[0]:
|
Source: openrefine
Version: 3.7.7-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for openrefine.
Markus, please adjust severity if you think grave/RC severity is not
appropriate. openrefine updates we
Source: libowasp-antisamy-java
Version: 1.7.4-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libowasp-antisamy-java.
CVE-2024-23635[0]:
| AntiSamy is a library for performing fast, configurabl
Source: shiro
Version: 1.3.2-5
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for shiro.
CVE-2023-46749[0]:
| path traversal attack
If you fix the vulnerability please also make sure to include th
Source: axis
Version: 1.4-29
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 1.4-28
Control: found -1 1.4-28+deb12u1
Hi,
The following vulnerability was published for axis.
CVE-2023-51441[0]:
| ** UNSUPPORTED WHEN ASSIGNED ** I
Source: jline3
Version: 3.3.1-3
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for jline3.
CVE-2023-50572[0]:
| An issue in the component GroovyEngine.execute of jline-groovy
| v3.24.1 allows attack
Source: jayway-jsonpath
Version: 2.0.0-5
Severity: minor
X-Debbugs-Cc: car...@debian.org
Hi
The homepage referenced in the Homepage control fields redirects to
https://github.com/json-path/JsonPath which seems to be the new home.
Might be worth updating in any next upload.
Regards,
Salvatore
On Mon, Dec 04, 2023 at 08:57:52PM +0100, Salvatore Bonaccorso wrote:
> Source: logback
> Version: 1:1.2.11-4
> Severity: important
> Tags: security upstream
> X-Debbugs-Cc: car...@debian.org, Debian Security Team
>
> Control: found -1 1:1.2.11-3
>
> Hi,
>
>
Source: logback
Version: 1:1.2.11-4
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 1:1.2.11-3
Hi,
The following vulnerability was published for logback.
CVE-2023-6378[0]:
| A serialization vulnerability in logback receiver com
Control: clone -1 -2 -3
Control: retitle -2 tiles: Add README.Debian.security to document support status
Control: reassign -3 src:debian-security-support
Control: retitle -3 Mark tiles as only supported for building applications
shipped in Debian
Hi,
On Sun, Dec 03, 2023 at 03:35:31PM +0100, Ma
Source: tiles
Version: 3.0.7-5
Severity: important
Tags: security upstream
X-Debbugs-Cc: a...@debian.org, ebo...@apache.org, car...@debian.org, Debian
Security Team
Hi,
The following vulnerability was published for tiles.
CVE-2023-49735[0]:
| ** UNSUPPORTED WHEN ASSIGNED ** The value set as t
Source: tomcat10
Version: 10.1.15-1
Severity: important
Tags: security upstream fixed-upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for tomcat10.
CVE-2023-46589[0]:
| Improper Input Validation vulnerability in Apache Tomcat. Tomcat f
Source: derby
Version: 10.14.2.0-2
Severity: important
Tags: security upstream
Forwarded: https://issues.apache.org/jira/browse/DERBY-7147
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for derby.
CVE-2022-46337[0]:
| A cleverly devised usern
Source: bouncycastle
Version: 1.72-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for bouncycastle.
CVE-2023-33202[0]:
| Bouncy Castle for Java before 1.73 contains a potential Denial of
| Service
Source: undertow
Version: 2.3.8-2
Severity: important
Tags: security upstream
Forwarded: https://issues.redhat.com/browse/UNDERTOW-2271
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for undertow.
CVE-2023-3223[0]:
| A flaw was found in under
Source: netty
Version: 1:4.1.48-7
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 1:4.1.48-4
Hi,
The following vulnerability was published for netty.
CVE-2023-44487[0]:
| The HTTP/2 protocol allows a denial of service (server r
Source: zookeeper
Version: 3.8.0-11
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 3.4.13-6
Hi,
The following vulnerability was published for zookeeper.
CVE-2023-44981[0]:
| Authorization Bypass Through User-Controlled Key vulnera
Source: libowasp-antisamy-java
Version: 1.5.3+dfsg-1.1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libowasp-antisamy-java.
Note: The severity is set to RC, though 'important' would better fit.
It
Source: snappy-java
Version: 1.1.8.3-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for snappy-java.
CVE-2023-43642[0]:
| snappy-java is a Java port of the snappy, a fast C++
| compresser/decompre
Source: libcommons-compress-java
Version: 1.22-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libcommons-compress-java.
CVE-2023-42503[0]:
| Improper Input Validation, Uncontrolled Resource Co
Source: libapache-mod-jk
Version: 1:1.2.48-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libapache-mod-jk.
CVE-2023-41081[0]:
| The mod_jk component of Apache Tomcat Connectors in some
| circ
Source: axis
Version: 1.4-28
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for axis.
CVE-2023-40743[0]:
| ** UNSUPPORTED WHEN ASSIGNED ** When integrating Apache Axis 1.x in
| an application, it ma
Source: shiro
Version: 1.3.2-5
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for shiro.
CVE-2023-34478[0]:
| Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to
| a path traversal a
Source: bouncycastle
Version: 1.72-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for bouncycastle.
CVE-2023-33201[0]:
| potential blind LDAP injection attack using a self-signed
| certificate
I
Source: guava-libraries
Version: 31.1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for guava-libraries.
CVE-2020-8908[0]:
| A temp directory creation vulnerability exists in all versions of
|
hey all,
I was involved with a discussion on site here in Hamburg with Paul
about it.
On Fri, May 26, 2023 at 10:58:48AM +0200, Moritz Muehlenhoff wrote:
> On Fri, May 26, 2023 at 12:10:18AM +0200, Markus Koschany wrote:
> > First of all trapperkeeper-webserver-jetty9-clojure should add a build-
Source: xerial-sqlite-jdbc
Version: 3.40.1.0+dfsg-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for xerial-sqlite-jdbc.
CVE-2023-32697[0]:
| SQLite JDBC is a library for accessing and creating SQLite
Hi Markus,
On Sat, May 13, 2023 at 06:27:49PM +0200, Markus Koschany wrote:
> I have just pushed the necessary changes to our Git repository.
>
> https://salsa.debian.org/java-team/tomcat9/-/commit/adbd0b0711de66b67278b10e258c47c805e9b993
Do we need to have done more here? When Paul asked on #d
Source: libjettison-java
Version: 1.5.3-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/jettison-json/jettison/issues/60
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 1.5.3-1~deb11u1
Hi,
The following vulnerability was published for libjettis
Source: tomcat9
Version: 9.0.70-1
Severity: important
Tags: security upstream
Forwarded: https://bz.apache.org/bugzilla/show_bug.cgi?id=66471
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 9.0.43-2~deb11u4
Control: found -1 9.0.43-2
Hi,
The following vulnerability was pu
Source: json-smart
Version: 2.2-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for json-smart.
CVE-2023-1370[0]:
| [Json-smart](https://netplex.github.io/json-smart/) is a performance
| focused, J
Source: libxstream-java
Version: 1.4.19-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libxstream-java.
CVE-2022-41966[0]:
| XStream serializes Java objects to XML and back again. Versions pri
Source: libcommons-net-java
Version: 3.6-1
Severity: important
Tags: security upstream
Forwarded: https://issues.apache.org/jira/browse/NET-711
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libcommons-net-java.
CVE-2021-37533[0]:
| Prior
Source: apache-jena
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi Java maintainers,
the following vulnerability was published for apache-jena,
but there is only little information available. My understanding is
that it still affected
Source: hsqldb
Version: 2.7.0-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for hsqldb.
CVE-2022-41853[0]:
| Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb
| (HyperSQL Dat
Source: libjettison-java
Version: 1.4.1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libjettison-java. It is
fixed upstream in 1.5.1.
CVE-2022-40149[0]:
| Those using Jettison to parse untru
Source: libjettison-java
Version: 1.4.1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libjettison-java.
CVE-2022-40150[0]:
| Those using Jettison to parse untrusted XML or JSON data may be
|
Hi Tony
Thanks for the update.
On Wed, Sep 28, 2022 at 08:30:07AM -0700, tony mancill wrote:
> On Tue, Sep 27, 2022 at 05:41:21PM +0200, Salvatore Bonaccorso wrote:
> > > snakeyaml 1.31 has been uploaded to unstable. I will start work on
> > > 1.33, which addresses
Hi Tony,
On Tue, Sep 27, 2022 at 08:06:58AM -0700, tony mancill wrote:
> On Mon, Sep 05, 2022 at 09:48:33PM +0200, Salvatore Bonaccorso wrote:
> > Source: snakeyaml
> > Version: 1.29-1
> > Severity: important
> > Tags: security upstream
> > Forwarded: https://
Source: batik
Version: 1.14-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for batik.
CVE-2022-38398[0]:
| Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache
| XML Graphics all
Source: snakeyaml
Version: 1.29-1
Severity: important
Tags: security upstream
Forwarded: https://bitbucket.org/snakeyaml/snakeyaml/issues/525
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for snakeyaml.
CVE-2022-25857[0]:
| The package org.y
Source: jsoup
Version: 1.15.2-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for jsoup.
CVE-2022-36033[0]:
| jsoup is a Java HTML parser, built for HTML editing, cleaning,
| scraping, and cross-si
Source: libpgjava
Version: 42.4.0-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libpgjava.
CVE-2022-31197[0]:
| PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to
| connect to
Source: maven-shared-utils
Version: 3.3.0-1
Severity: important
Tags: security upstream
Forwarded: https://issues.apache.org/jira/browse/MSHARED-297
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for maven-shared-utils.
CVE-2022-29599[0]:
| I
Source: netty
Version: 1:4.1.48-4
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for netty.
CVE-2022-24823[0]:
| Netty is an open-source, asynchronous event-driven network application
| framework. T
Hi!
On Mon, Apr 25, 2022 at 01:48:43PM +0100, Neil Williams wrote:
> On Mon, 25 Apr 2022 13:39:49 +0100 Neil Williams wrote:
> > Please note, the current homepage for libowasp-antisamy-java appears to
> > have no commits beyond version 1.5.3 but the change for CVE-2022-29577
> > does match the so
Source: h2database
Version: 1.4.197-4
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for h2database.
CVE-2021-42392[0]:
| The org.h2.util.JdbcUtils.getConnection method
Source: apache-log4j2
Version: 2.17.0-1
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://issues.apache.org/jira/browse/LOG4J2-3293
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 2.17.0-1~deb11u1
Control: found -1 2.17.0-1~deb10u1
Hi!
On Sat, Dec 18, 2021 at 03:30:16PM +0100, Markus Koschany wrote:
> Control: owner -1 !
>
> Am Samstag, dem 18.12.2021 um 14:37 +0100 schrieb Salvatore Bonaccorso:
> > Source: apache-log4j2
> > Version: 2.16.0-1
> > Severity: grave
> > Tags: secur
Source: apache-log4j2
Version: 2.16.0-1
Severity: grave
Tags: security upstream
Forwarded: https://issues.apache.org/jira/browse/LOG4J2-3230
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 2.16.0-1~deb11u1
Control: found -1 2.16.0-1~deb10u1
Hi,
The following vulnerability
Hi Markus,
On Tue, Dec 14, 2021 at 11:45:20PM +0100, Markus Koschany wrote:
> Control: owner -1 !
>
> Am Dienstag, dem 14.12.2021 um 21:37 +0100 schrieb Salvatore Bonaccorso:
> > Source: apache-log4j2
> > Version: 2.15.0-1
> > Severity: grave
> > Tags: security
Source: apache-log4j2
Version: 2.15.0-1
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://issues.apache.org/jira/browse/LOG4J2-3221
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 2.15.0-1~deb11u1
Control: found -1 2.15.0-1~deb10u1
Source: apache-log4j2
Version: 2.13.3-1
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://issues.apache.org/jira/browse/LOG4J2-3198
https://github.com/apache/logging-log4j2/pull/608
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1
Source: netty
Version: 1:4.1.48-4
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for netty.
CVE-2021-43797[0]:
| Netty is an asynchronous event-driven network application framework
| for rapid devel
Source: kotlin
Version: 1.3.31+~1.0.1+~0.11.12-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi Andrej,
Looking at
https://blog.jetbrains.com/blog/2021/02/03/jetbrains-security-bulletin-q4-2020/
there is an entry for Kotlin. It is said to be
Source: libxml-security-java
Version: 2.0.10-2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libxml-security-java.
CVE-2021-40690[0]:
| Bypass of the secureValidat
Source: jsoup
Version: 1.10.2-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for jsoup.
CVE-2021-37714[0]:
| jsoup is a Java library for working with HTML. Those using jsoup
| versions prior to 1.
Hi Markus,
On Sun, Aug 01, 2021 at 05:53:55PM +0200, Salvatore Bonaccorso wrote:
> Hi Markus,
>
> On Sun, Aug 01, 2021 at 05:28:23PM +0200, Markus Koschany wrote:
> > On Wed, 28 Jul 2021 17:44:49 +0200 Salvatore Bonaccorso
> > wrote:
> >
> > > Hi,
> >
Hi Markus,
On Sun, Aug 01, 2021 at 05:28:23PM +0200, Markus Koschany wrote:
> On Wed, 28 Jul 2021 17:44:49 +0200 Salvatore Bonaccorso
> wrote:
>
> > Hi,
> >
> > The following vulnerability was published for apache-directory-server.
> >
> > CVE-2021-3
Source: apache-directory-server
Version: 2.0.0~M24-4
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 2.0.0~M24-3
Hi,
The following vulnerability was published for apache-directory-server.
CVE-2021-33900[0]:
| While investigatin
Source: libpdfbox2-java
Version: 2.0.23-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: clone -1 -2
Control: reassign -2 src:libpdfbox-java 1:1.8.16-2
Control: retitle -2 libpdfbox-java: CVE-2021-31811 CVE-2021-31812
Hi,
The following
Hi
On Fri, Jul 16, 2021 at 10:44:20PM +0200, Markus Koschany wrote:
> Control: owner -1 !
>
> Hi,
>
> Am Freitag, dem 16.07.2021 um 21:16 +0200 schrieb Salvatore Bonaccorso:
> > Source: jetty9
> > Version: 9.4.39-2
> > Severity: grave
> > Tags:
Source: jetty9
Version: 9.4.39-2
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for jetty9.
CVE-2021-34429[0]:
| For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 &
| 11.0.1-11.0.5, URIs can be cr
Source: libjdom2-java
Version: 2.0.6-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/hunterhacker/jdom/pull/188
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: clone -1 -2
Control: reassign -2 src:libjdom1-java 1.1.3-2
Control: found -1 2.0.6-1
Control: f
Source: jetty9
Version: 9.4.39-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/eclipse/jetty.project/issues/6277
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for jetty9.
CVE-2021-34428[0]:
| For Eclipse Jetty ver
[Disclaimer, not the package maintainer, but quickly checked your
report for tracking within the security team]
On Sat, Jun 26, 2021 at 01:50:44PM +0200, Christoph Anton Mitterer wrote:
> Source: zookeeper
> Version: 3.4.13-6
> Severity: grave
> Tags: security
> Justification: user security hole
>
Source: jetty9
Version: 9.4.39-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/eclipse/jetty.project/issues/6263
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for jetty9.
CVE-2021-28169[0]:
| For Eclipse Jetty ver
Hi,
On Mon, Jun 14, 2021 at 10:13:19PM +0200, Salvatore Bonaccorso wrote:
> CVE-2021-3597[0]:
> No description was found (try on a search engine)
Sorry forgot to fill here something sensible.
Salvatore
Source: undertow
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for undertow, though it is
hard to tell if our version is affected, [1] lacks details.
CVE-2021-3597[0]:
No description was found (try
[Big disclaimer: I'm not the maintainer but spotted the RC bug filed]
Hi,
On Tue, Jun 08, 2021 at 03:32:18PM -0400, benjamin melançon wrote:
> Source: netbeans
> Version: 12.1-3
> Severity: serious
> Tags: d-i ftbfs
> Justification: fails to build from source
> X-Debbugs-Cc: ben+deb...@agaric.co
Source: libxstream-java
Version: 1.4.15-2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libxstream-java.
CVE-2021-29505[0]:
| ### Impact The vulnerability may allo
Hi,
On Tue, May 18, 2021 at 11:05:15PM +0200, Emmanuel Bourg wrote:
> Le 2021-05-18 20:39, Moritz Mühlenhoff a écrit :
>
> > let's remove jodd from bullseye until it gets actually used, ok? I can
> > file
> > an RM bug with the release team.
>
> Yes go ahead.
For same reason we might consider t
Hi Andreas,
Thanks for raising the problem.
On Wed, May 05, 2021 at 10:04:46PM +0200, Andreas Beckmann wrote:
> Followup-For: Bug #985220
>
> Hi,
>
> CVE-2020-13936 is fixed in stretch-security but not buster, making
> upgrades difficult since stretch-security has a newer version than buster.
>
Hi
Thanks for raising this problem.
On Wed, May 05, 2021 at 10:12:34PM +0200, Andreas Beckmann wrote:
> Source: mqtt-client
> Version: 1.14-1
> Severity: serious
> Tags: security
> User: debian...@lists.debian.org
> Usertags: piuparts
> Control: fixed -1 1.14-1+deb9u1
>
> Hi,
>
> CVE-2019-0222
Hi,
On Sun, Apr 04, 2021 at 09:05:06PM -0700, tony mancill wrote:
> On Sat, Mar 27, 2021 at 07:54:11PM +0100, Salvatore Bonaccorso wrote:
> > Source: libpdfbox2-java
> > Version: 2.0.22-1
> > Severity: important
> > Tags: security upstream
> > Forwarded: http
Source: netty
Version: 1:4.1.48-3
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for netty.
Strictly speaking this might be disputable as RC severity, but I think
it should be reach bullseye and so make
Source: libpdfbox2-java
Version: 2.0.22-1
Severity: important
Tags: security upstream
Forwarded: https://issues.apache.org/jira/browse/PDFBOX-5112
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libpdfbox2-java.
CVE-2021-27906[0]:
| A care
Source: libpdfbox2-java
Version: 2.0.22-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libpdfbox2-java.
CVE-2021-27807[0]:
| A carefully crafted PDF file can trigger an infinite loop while
| l
Source: libxstream-java
Version: 1.4.15-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for libxstream-java.
CVE-2021-21341[0]:
| XStream is a Java library to serialize objects to XML and back a
Source: velocity-tools
Version: 2.0-7
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for velocity-tools.
CVE-2020-13959[0]:
| The default error page for VelocityView in Apache Velocity Tools prior
|
Source: velocity
Version: 1.7-5.1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 1.7-5
Hi,
The following vulnerability was published for velocity.
CVE-2020-13936[0]:
| An attacker that is able to modify Velocity templates may
Source: xmlgraphics-commons
Version: 2.4-1
Severity: important
Tags: security upstream
Forwarded: https://issues.apache.org/jira/browse/XGC-122
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for xmlgraphics-commons.
CVE-2020-11988[0]:
| Apach
Source: netty
Version: 1:4.1.48-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for netty.
CVE-2021-21295[0]:
| Netty is an open-source, asynchronous event-driven network application
| framework fo
Source: batik
Version: 1.12-4
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
The following vulnerability was published for batik.
CVE-2020-11987[0]:
| Apache Batik 1.13 is vulnerable to server-side request forgery, caused
| by improper input val
Hi Emmanuel,
On Sat, May 30, 2020 at 02:50:32PM +0200, Emmanuel Bourg wrote:
> Control: severity -1 important
>
> Le 22/05/2020 à 22:51, Salvatore Bonaccorso a écrit :
>
> > The following vulnerability was published for jodd. I'm filing it as
> > RC severity since
Source: jackson-dataformat-cbor
Version: 2.7.8-3
Severity: important
Tags: security upstream
Forwarded: https://github.com/FasterXML/jackson-dataformats-binary/issues/186
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for jackson-dataformat-cb