Bug 680516 (CVE-2019-9658)

Summary:	dev-util/checkstyle: Checkstyle loads external DTDs by default.
Product:	Gentoo Security	Reporter:	yuLya <gen2xmach1ne>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	IN_PROGRESS ---
Severity:	normal	CC:	java
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:	B4 [ebuild cve]
Package list:		Runtime testing required:	---

Description yuLya 2019-03-15 20:13:37 UTC

Checkstyle before 8.18 loads external DTDs by default. 

https://checkstyle.org/releasenotes.html#Release_8.18
https://github.com/checkstyle/checkstyle/issues/6474
https://github.com/checkstyle/checkstyle/issues/6478
https://github.com/checkstyle/checkstyle/pull/6476

Comment 1 Yury German Gentoo Infrastructure

2019-03-27 03:44:27 UTC

CVE ID: CVE-2019-9658
   Summary: Checkstyle before 8.18 loads external DTDs by default.

Allows unauthorized disclosure of information

Comment 2 Sam James archtester

2020-03-19 01:54:48 UTC

@maintainer(s), please create an appropriate ebuild

Comment 3 John Helmert III gentoo-dev

2021-07-26 14:58:43 UTC

Ping.