Bug 13249

Summary: [CVE 21] java-xmlbuilder 1.1 CVEs found
Product: [ROSA-based products] ROSA Fresh Reporter: Yury <y.tumanov>
Component: System (kernel, glibc, systemd, bash, PAM...)Assignee: ROSA Linux Bugs <bugs>
Status: RESOLVED WONTFIX QA Contact: ROSA Linux Bugs <bugs>
Severity: normal    
Priority: Normal CC: m.novosyolov, s.matveev, y.tumanov
Version: AllFlags: y.tumanov: secteam_verified?
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: CVE-2014-125087,
Whiteboard:
Platform: 2021.1 ROSA Vulnerability identifier:
RPM Package: ISO-related:
Bad POT generating: Upstream:

Description Yury 2023-05-02 16:33:33 MSK 
Please patch CVEs for package java-xmlbuilder version 1.1  
INFO (CVEs are): java-xmlbuilder 1.1 cves found
CVE-2014-125087
Desc: A vulnerability was found in java-xmlbuilder up to 1.1. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference. Upgrading to version 1.2 is able to address this issue. The name of the patch is e6fddca201790abab4f2c274341c0bb8835c3e73. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221480.
Link: https://nvd.nist.gov/vuln/detail/CVE-2014-125087
Severity: CRITICAL
Comment 1 Mikhail Novosyolov 2023-05-15 14:12:17 MSK 
В этом пакете пока не будем исправлять CVE в связи с отсутствием его широкого применения и сложностью их закрытия.