GNU bug report logs - #47342
java-xstream@1.4.15 is vulnerable to CVE-2021-21341, CVE-2021-21342, CVE-2021-21343, CVE-2021-21344, CVE-2021-21345, CVE-2021-21346, CVE-2021-21347, CVE-2021-21348, CVE-2021-21349, CVE-2021-21350 and CVE-2021-21351

Previous Next

Package: guix;

Reported by: Léo Le Bouter <lle-bout <at> zaclys.net>

Date: Tue, 23 Mar 2021 14:34:02 UTC

Severity: normal

Tags: security

Done: Julien Lepiller <julien <at> lepiller.eu>

Bug is archived. No further changes may be made.

Full log

Message #27 received at 47342-done <at> debbugs.gnu.org (full text, mbox):

From: Julien Lepiller <julien <at> lepiller.eu>
To: 47342-done <at> debbugs.gnu.org
Cc: Léo Le Bouter <lle-bout <at> zaclys.net>
Subject: Re: bug#47342: java-xstream <at> 1.4.15 is vulnerable to CVE-2021-21341,
 CVE-2021-21342, CVE-2021-21343, CVE-2021-21344, CVE-2021-21345,
 CVE-2021-21346, CVE-2021-21347, CVE-2021-21348, CVE-2021-21349,
 CVE-2021-21350 and CVE-2021-21351
Date: Tue, 23 Mar 2021 23:31:32 +0100

Le Tue, 23 Mar 2021 15:33:26 +0100,
Léo Le Bouter via Bug reports for GNU Guix <bug-guix <at> gnu.org> a écrit :

> Upstream has made a release: 1.4.16 - which fixes all the issues,
> following is an unfinished patchset that fixes the issues, java-
> mxparser package does not build and help from some more experienced
> Java packagers is welcome to fix and push this patchset.

Pushed as 4490dff98c6979a77f3982716239b526e0ef1337 to
8b2b5463963d5d4dee480b0cf73fa4a9eca414ba to master,
with changes discussed on IRC.

Thanks a lot for noticing it!
This bug report was last modified 4 years and 121 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.