Summary: | <dev-java/fop-2.3: XML external entity processing vulnerability | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | IN_PROGRESS --- | ||
Severity: | minor | CC: | ajak, java |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1443585 | ||
Whiteboard: | B3 [glsa? cve] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 834482 | ||
Bug Blocks: |
Description
Agostino Sarubbo
![]() @maintainer(s): ping FOP 2.3 is available (https://xmlgraphics.apache.org/fop/2.3/) which also contains the fix. Demetris Nakos - Gentoo Security Padawan - Maintainer(s): Ping. FOP is now at version 2.5 upstream. Fix for CVE-2017-5661 was released with 2.2. https://xmlgraphics.apache.org/fop/2.5/ Maintainers, please update the vulnerable package, or consider removing from tree if there are no plans to update. Thanks! |