Described in this pull request by Tommy Johansen:

“We use Hibernate Validator (HV) and the @SafeHtml annotation to validate input from users. During a security review we discovered that an unsafe XSS vector slipped by the validator. During debugging HV we discovered that the source of the problem was related to how Jsoup handled tags without a closing > when reaching EOF.”

<https://github.com/jhy/jsoup/pull/582>

Additional references:
<https://hibernate.atlassian.net/browse/HV-1012>
<https://issues.jboss.org/browse/WFLY-5223>

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
commit 52af7b5 (HEAD, origin/master, origin/HEAD, master)
Author: Patrice Clement <monsieurp@gentoo.org>
Date: Sat Sep 5 14:50:23 2015 +0000

    dev-java/jsoup: Version bump. Fixes security bug 559002.

    Package-Manager: portage-2.2.18
    Signed-off-by: Patrice Clement <monsieurp@gentoo.org>

 create mode 100644 dev-java/jsoup/jsoup-1.8.3.ebuild

Arch teams,
Please stabilise:
dev-java/jsoup-1.8.3.ebuild
Target arches: amd64 x86

Security, Please vote.
amd64 stable
x86 stable. Maintainer(s), please cleanup. Security, please vote.
commit f062a3d (HEAD, master)
Author: Patrice Clement <monsieurp@gentoo.org>
Date: Sun Sep 6 09:07:34 2015 +0000

    dev-java/jsoup: Remove vulnerable versions. Fixes security bug 559002.

    Package-Manager: portage-2.2.18
    Signed-off-by: Patrice Clement <monsieurp@gentoo.org>

 delete mode 100644 dev-java/jsoup/jsoup-1.7.2.ebuild
 delete mode 100644 dev-java/jsoup/jsoup-1.8.1.ebuild

Security please vote.
ping @security
no glsa for XSS