Bugzilla DB migration completed. Please report issues to Infra team via email via infra@gentoo.org or IRC

Bug 680516 (CVE-2019-9658)

Summary:	dev-util/checkstyle: Checkstyle loads external DTDs by default.
Product:	Gentoo Security	Reporter:	yuLya <gen2xmach1ne>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	IN_PROGRESS ---
Severity:	normal	CC:	java
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:	B4 [upstream cve]
Package list:		Runtime testing required:	---

Description yuLya 2019-03-15 20:13:37 UTC

Checkstyle before 8.18 loads external DTDs by default. 

https://checkstyle.org/releasenotes.html#Release_8.18
https://github.com/checkstyle/checkstyle/issues/6474
https://github.com/checkstyle/checkstyle/issues/6478
https://github.com/checkstyle/checkstyle/pull/6476

Comment 1 Yury German Gentoo Infrastructure

2019-03-27 03:44:27 UTC

CVE ID: CVE-2019-9658
   Summary: Checkstyle before 8.18 loads external DTDs by default.

Allows unauthorized disclosure of information

Comment 2 Sam James gentoo-dev

2020-03-19 01:54:48 UTC

@maintainer(s), please create an appropriate ebuild