Bug 13738

Summary:	[CVE 21] java-xmlbuilder 1.1 CVEs found
Product:	[ROSA-based products] ROSA Fresh	Reporter:	Yury <y.tumanov>
Component:	System (kernel, glibc, systemd, bash, PAM...)	Assignee:	ROSA Linux Bugs <bugs>
Status:	RESOLVED DUPLICATE	QA Contact:	ROSA Linux Bugs <bugs>
Severity:	normal
Priority:	Normal	CC:	e.kosachev, s.matveev, v.potapov, y.tumanov
Version:	All
Target Milestone:	---
Hardware:	All
OS:	Linux
URL:	CVE-2014-125087,
Whiteboard:
Platform:	2021.1	ROSA Vulnerability identifier:
RPM Package:		ISO-related:
Bad POT generating:		Upstream:

Description Yury 2023-10-18 20:02:18 MSK

Please patch CVEs for package java-xmlbuilder version 1.1
  
INFO (CVEs are): java-xmlbuilder 1.1
 cves found
CVE-2014-125087
Desc: A vulnerability was found in java-xmlbuilder up to 1.1. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference. Upgrading to version 1.2 is able to address this issue. The name of the patch is e6fddca201790abab4f2c274341c0bb8835c3e73. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221480.
Link: https://nvd.nist.gov/vuln/detail/CVE-2014-125087
Severity: CRITICAL

Comment 1 Vladimir Potapov 2023-10-20 17:02:13 MSK


*** This bug has been marked as a duplicate of bug 13870 ***