Summary: | <dev-java/commons-text-1.10.0: arbitrary code execution via StringLookup interpolation | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | java |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om | ||
See Also: | https://github.com/gentoo/gentoo/pull/27802 https://github.com/gentoo/gentoo/pull/27941 | ||
Whiteboard: | B1 [glsa+] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 877763 | ||
Bug Blocks: |
Description
John Helmert III
2022-10-18 20:40:26 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a5a83e6b764ed915e5b2dbacdf6b2cbb7c9b6bdd

commit a5a83e6b764ed915e5b2dbacdf6b2cbb7c9b6bdd
Author:     Volkmar W. Pogatzki <gentoo@pogatzki.net>
AuthorDate: 2022-10-16 08:12:52 +0000
Commit:     Florian Schmaus <flow@gentoo.org>
CommitDate: 2022-10-20 11:18:21 +0000

    dev-java/commons-text: add 1.10.0 (CVE-2022-42889)

    Bug: https://bugs.gentoo.org/877577
    Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net>
    Closes: https://github.com/gentoo/gentoo/pull/27802
    Signed-off-by: Florian Schmaus <flow@gentoo.org>

 dev-java/commons-text/Manifest                   |  1 +
 dev-java/commons-text/commons-text-1.10.0.ebuild | 59 ++++++++++++++++++++++++
 2 files changed, 60 insertions(+)

Thanks! Please stabilize when ready.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=07e28cb7773bf8a1766227b964661533012765f8

commit 07e28cb7773bf8a1766227b964661533012765f8
Author:     Volkmar W. Pogatzki <gentoo@pogatzki.net>
AuthorDate: 2022-10-25 13:18:40 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-10-25 21:55:41 +0000

    dev-java/commons-text: drop 1.9

    Bug: https://bugs.gentoo.org/877577
    Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net>
    Closes: https://github.com/gentoo/gentoo/pull/27941
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 dev-java/commons-text/Manifest                |  1 -
 dev-java/commons-text/commons-text-1.9.ebuild | 43 ---------------------------
 2 files changed, 44 deletions(-)

GLSA request filed

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=45e0bd72744551e71baa23cf23de456d4dd49331

commit 45e0bd72744551e71baa23cf23de456d4dd49331
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-01-11 05:18:10 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2023-01-11 05:22:05 +0000

    [ GLSA 202301-05 ] Apache Commons Text: Arbitrary Code Execution

    Bug: https://bugs.gentoo.org/877577
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202301-05.xml | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)

GLSA released, all done!