CVE-2021-23926: The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0. Fixed in 3.0.0 according to the Jira bug. Please bump.
Package list is empty or all packages have requested keywords.
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f3f254610fff7084fd31de7dc701f8c34566d5d0 commit f3f254610fff7084fd31de7dc701f8c34566d5d0 Author: Volkmar W. Pogatzki <gentoo@pogatzki.net> AuthorDate: 2021-08-08 10:45:06 +0000 Commit: Miroslav Šulc <fordfrog@gentoo.org> CommitDate: 2021-08-09 05:31:14 +0000 dev-java/xml-xmlbeans: remove last rited package Closes: https://bugs.gentoo.org/489486 Closes: https://bugs.gentoo.org/796587 Closes: https://bugs.gentoo.org/765451 Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net> Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org> dev-java/xml-xmlbeans/Manifest | 1 - .../xml-xmlbeans-2.6.0-SchemaCompiler.java.patch | 14 --- .../files/xml-xmlbeans-2.6.0-jam.patch | 64 ------------- .../files/xml-xmlbeans-2.6.0-piccolo.patch | 14 --- .../xml-xmlbeans-2.6.0-remove-jamsupport.patch | 37 ------- dev-java/xml-xmlbeans/metadata.xml | 25 ----- dev-java/xml-xmlbeans/xml-xmlbeans-2.6.0.ebuild | 106 --------------------- 7 files changed, 261 deletions(-)
Thanks!