Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 859397 - dev-java/xalan: remote code execution
Summary: dev-java/xalan: remote code execution
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: CVE-2022-34169, CVE-2022-42920
  Show dependency tree
 
Reported: 2022-07-19 19:29 UTC by John Helmert III
Modified: 2022-10-21 00:52 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-07-19 19:29:30 UTC 
See tracker for details, though there don't seem to be any yet..
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-10-21 00:52:13 UTC 
Vulnerability is in bcel according to https://www.openwall.com/lists/oss-security/2022/10/18/2, which we're depending on in the ebuild. Fix will have to be there, so nothing for xalan to do.