CVE-2019-10782 (https://nvd.nist.gov/vuln/detail/CVE-2019-10782): All versions of com.puppycrawl.tools:checkstyle before 8.29 are vulnerable to XML External Entity (XXE) Injection due to an incomplete fix for CVE-2019-9658.
@maintainer(s): ping
Non-vulnerable versions depend on dev-java/saxon-10.6 which is not in ::gentoo.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=446785d0cb1fa2fc2838cc450189797e0de5aba0

commit 446785d0cb1fa2fc2838cc450189797e0de5aba0
Author: Jakov Smolić <jsmolic@gentoo.org>
AuthorDate: 2022-05-29 07:20:57 +0000
Commit: Jakov Smolić <jsmolic@gentoo.org>
CommitDate: 2022-05-29 07:20:57 +0000

    dev-util/checkstyle: treeclean

    Bug: https://bugs.gentoo.org/710750
    Closes: https://bugs.gentoo.org/828453
    Bug: https://bugs.gentoo.org/680516
    Closes: https://bugs.gentoo.org/436226
    Signed-off-by: Jakov Smolić <jsmolic@gentoo.org>

 dev-util/checkstyle/Manifest | 1 -
 dev-util/checkstyle/checkstyle-7.2-r1.ebuild | 67 ----------------------------
 dev-util/checkstyle/metadata.xml | 12 -----
 profiles/package.mask | 5 ---
 4 files changed, 85 deletions(-)
Thanks, all done!