GNU bug report logs - #47342
java-xstream@1.4.15 is vulnerable to CVE-2021-21341, CVE-2021-21342, CVE-2021-21343, CVE-2021-21344, CVE-2021-21345, CVE-2021-21346, CVE-2021-21347, CVE-2021-21348, CVE-2021-21349, CVE-2021-21350 and CVE-2021-21351


Package: guix

Reported by: Léo Le Bouter <lle-bout <at> zaclys.net>

Date: Tue, 23 Mar 2021 14:34:02 UTC

Severity: normal

Tags: security

Done: Julien Lepiller <julien <at> lepiller.eu>

Bug is archived. No further changes may be made.


Message #11 received at 47342 <at> debbugs.gnu.org (full text, mbox):

From: Léo Le Bouter <lle-bout <at> zaclys.net>
To: 47342 <at> debbugs.gnu.org
Cc: Léo Le Bouter <lle-bout <at> zaclys.net>
Subject: [PATCH 1/2] gnu: Add java-mxparser.
Date: Tue, 23 Mar 2021 15:38:39 +0100

* gnu/packages/xml.scm (java-mxparser): New variable.
---
 gnu/packages/xml.scm | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
index 2a72fc6ad2..96287b3174 100644
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@ -2256,6 +2256,34 @@ outputting XML data from Java code.")
 and back again.")
     (license license:bsd-3)))
 
+(define-public java-mxparser
+  (package
+    (name "java-mxparser")
+    (version "1.2.1")
+    (source (origin
+              (method url-fetch)
+              (uri
+               (string-append
+                "https://repo1.maven.org/maven2/io/github/x-stream/mxparser/"
+                version "/mxparser-" version "-sources.jar"))
+              (sha256
+               (base32
+                "0mly55qbs2109wwbiz890n87r54iz7cykazl0rlsih6sg5lx8kdl"))))
+    (build-system ant-build-system)
+    (home-page "https://github.com/x-stream/mxparser")
+    (synopsis "Streaming pull XML parser forked from @code{java-xpp3}")
+    (description "Xml Pull Parser (in short XPP) is a streaming pull XML
+parser and should be used when there is a need to process quickly and
+efficiently all input elements (for example in SOAP processors). This
+package is a stable XmlPull parsing engine that is based on ideas from XPP
+and in particular XPP2 but completely revised and rewritten to take the best
+advantage of JIT JVMs.
+
+MXParser is a fork of xpp3_min 1.1.7 containing only the parser with merged
+changes of the Plexus fork. It is an implementation of the XMLPULL V1 API
+(parser only).")
+    (license (license:non-copyleft "file://LICENSE.txt"))))
+
 (define-public xmlrpc-c
   (package
     (name "xmlrpc-c")
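
Review bot: The `(build-system ant-build-system)` line is followed by no `arguments` field and the package declares no `inputs`, yet the source is a `-sources.jar` from Maven Central and the description says this is an implementation of the XMLPULL V1 API. Please confirm the package builds as posted; if the jar carries no build.xml, it will need `#:jar-name` (plus `#:source-dir`, and `#:tests? #f` if there is no test suite) and whatever package provides the API classes it compiles against. The license field points at `file://LICENSE.txt`, so check that this file is actually present in the fetched jar; fetching the tagged release from the repository given in `home-page` instead would tie the source to what upstream publishes and make that easier to audit. In the description, "Xml Pull Parser" should read "XML Pull Parser", and Guix descriptions put two spaces after a sentence-ending period ("processors).  This", "Plexus fork.  It").
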
-- 
2.31.0





This bug report was last modified 4 years and 121 days ago.
