Checkstyle before 8.18 loads external DTDs by default. https://checkstyle.org/releasenotes.html#Release_8.18 https://github.com/checkstyle/checkstyle/issues/6474 https://github.com/checkstyle/checkstyle/issues/6478 https://github.com/checkstyle/checkstyle/pull/6476
CVE ID: CVE-2019-9658 Summary: Checkstyle before 8.18 loads external DTDs by default. Allows unauthorized disclosure of information
@maintainer(s), please create an appropriate ebuild
Ping.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=446785d0cb1fa2fc2838cc450189797e0de5aba0 commit 446785d0cb1fa2fc2838cc450189797e0de5aba0 Author: Jakov Smolić <jsmolic@gentoo.org> AuthorDate: 2022-05-29 07:20:57 +0000 Commit: Jakov Smolić <jsmolic@gentoo.org> CommitDate: 2022-05-29 07:20:57 +0000 dev-util/checkstyle: treeclean Bug: https://bugs.gentoo.org/710750 Closes: https://bugs.gentoo.org/828453 Bug: https://bugs.gentoo.org/680516 Closes: https://bugs.gentoo.org/436226 Signed-off-by: Jakov Smolić <jsmolic@gentoo.org> dev-util/checkstyle/Manifest | 1 - dev-util/checkstyle/checkstyle-7.2-r1.ebuild | 67 ---------------------------- dev-util/checkstyle/metadata.xml | 12 ----- profiles/package.mask | 5 --- 4 files changed, 85 deletions(-)
Thanks, all done!