Bug#1015860: libxalan2-java: CVE-2022-34169

2022-10-17 Thread Markus Koschany
Control: reassign -1 src:bcel
Control: tags -1 pending
I have notified oss-security about the find. Reassigning to bcel.

Bug#1015860: libxalan2-java: CVE-2022-34169

2022-10-14 Thread Moritz Mühlenhoff
On Thu, Oct 13, 2022 at 09:36:09PM +0200, Markus Koschany wrote:
> Hi,
>
> I just had a go at this issue and I discovered that libxalan2-java in Debian is
> not affected but rather bcel.
>
> https://tracker.debian.org/pkg/bcel
>
> The fixing commit in OpenJDK addresses the same code which

Bug#1015860: libxalan2-java: CVE-2022-34169

2022-10-13 Thread Markus Koschany
Hi,
I just had a go at this issue and I discovered that libxalan2-java in Debian is not affected but rather bcel.
https://tracker.debian.org/pkg/bcel
The fixing commit in OpenJDK addresses the same code which is nowhere to be found in libxalan2-java but is present in bcel. The bcel upstream

Bug#1015860: libxalan2-java: CVE-2022-34169

2022-07-22 Thread Moritz Mühlenhoff
Source: libxalan2-java
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for libxalan2-java.
CVE-2022-34169[0]:
| The Apache Xalan Java XSLT library is vulnerable to an integer
| truncation issue when processing malicious XSLT