CVE-2024-28168: Improper Restriction of XML External Entity Reference ('XXE') vulnerability in Apache XML Graphics FOP. This issue affects Apache XML Graphics FOP: 2.9. Users are recommended to upgrade to version 2.10, which fixes the issue. The above is fixed in 2.10.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dfeddd5d6637f482103e816a046c1c356dbc0d0f

commit dfeddd5d6637f482103e816a046c1c356dbc0d0f
Author: Volkmar W. Pogatzki <gentoo@pogatzki.net>
AuthorDate: 2024-10-15 17:42:35 +0000
Commit: Miroslav Šulc <fordfrog@gentoo.org>
CommitDate: 2024-10-30 11:32:00 +0000

    dev-java/fop: add 2.10 - CVE-2024-28168

    Updating fop-2.7-jars.tar.xz -> fop-2.10-jars.tar.xz with newer events solves several test exclusions.

    Bug: https://bugs.gentoo.org/941239
    Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net>
    Closes: https://github.com/gentoo/gentoo/pull/38836/commits/b312a3234fda20fe912b57e25cee1c0ec1ac9970
    Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org>

 dev-java/fop/Manifest | 3 +
 dev-java/fop/files/fop-2.10-java23.patch | 52 ++++++++
 dev-java/fop/fop-2.10.ebuild | 211 +++++++++++++++++++++++++++++++
 3 files changed, 266 insertions(+)
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5ca790be25e7ecac2bcfe9abefc8adb850821a83

commit 5ca790be25e7ecac2bcfe9abefc8adb850821a83
Author: Volkmar W. Pogatzki <gentoo@pogatzki.net>
AuthorDate: 2024-12-09 08:30:18 +0000
Commit: Florian Schmaus <flow@gentoo.org>
CommitDate: 2024-12-09 10:18:40 +0000

    dev-java/fop: drop 2.9-r1 - CVE-2024-28168

    Bug: https://bugs.gentoo.org/941239
    Bug: https://bugs.gentoo.org/945127
    Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net>
    Signed-off-by: Florian Schmaus <flow@gentoo.org>

 dev-java/fop/Manifest | 3 -
 dev-java/fop/fop-2.9-r1.ebuild | 201 -----------------------------------------
 2 files changed, 204 deletions(-)