| Summary: | dev-java/xstream: DoS when unmarshalling void type (CVE-2017-7957) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Volkan <vBugZilla> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | java |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1441538 | | |
| Whiteboard: | B3 [noglsa cve] | | |
| Package list: | | Runtime testing required: | --- |

Description
Volkan
2017-06-21 22:08:34 UTC
Reference with description http://x-stream.github.io/CVE-2017-7957.html

Gentoo Security Padawan
ChrisADR

Update: Fixed in 1.4.10 release, see: https://x-stream.github.io/changes.html

Summary: "Fix PrimitiveTypePermission to reject type void to prevent CVE-2017-7957 with an initialized security framework."

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c3c11959755d652106860a3c9aa8ac271832fe89

commit c3c11959755d652106860a3c9aa8ac271832fe89
Author:     Michał Górny <mgorny@gentoo.org>
AuthorDate: 2019-09-14 15:41:21 +0000
Commit:     Michał Górny <mgorny@gentoo.org>
CommitDate: 2019-09-14 15:41:21 +0000

    dev-java/xstream: Remove last-rited pkg

    Bug: https://bugs.gentoo.org/622428
    Signed-off-by: Michał Górny <mgorny@gentoo.org>

 dev-java/xstream/Manifest                |  1 -
 dev-java/xstream/metadata.xml            |  8 -----
 dev-java/xstream/xstream-1.4.8-r2.ebuild | 56 --------------------------------
 profiles/package.mask                    |  5 ---
 4 files changed, 70 deletions(-)

buh bye