Bug 14137

Summary: [CVE 21] xerces-j CVE
Product: [ROSA-based products] ROSA Fresh
Reporter: Vladimir Potapov <v.potapov>
Component: Packages from Main
Assignee: ROSA Linux Bugs <bugs>
Status: VERIFIED FIXED
QA Contact: ROSA Linux Bugs <bugs>
Severity: normal
Priority: Normal
CC: a.proklov, s.matveev
Version: All
Flags: v.potapov: qa_verified+
v.potapov: secteam_verified?
a.proklov: published+
Target Milestone: 2021.1 Fresh R12   
Hardware: All   
OS: Linux   
URL: CVE-2022-23437
Whiteboard:
Platform: 2021.1 ROSA Vulnerability identifier:
RPM Package: ISO-related:
Bad POT generating: Upstream:

Description Vladimir Potapov 2023-12-08 13:31:57 MSK
https://nvd.nist.gov/vuln/detail/CVE-2022-23437 MEDIUM
Comment 1 Svyatoslav Matveev 2024-01-17 17:43:33 MSK
********** QA ADVISORY **********

CVE-2022-23437 closed by patch

backport:
https://lists.apache.org/thread/8bdbk40hf1oqhyvmdcvtqwr2hwfhhmkt

*** xerces-j2
**  2.12.0 release +1

https://abf.io/build_lists/4956922
https://abf.io/build_lists/4956923

**  rosa2021.15
*** xerces-j2
**  2.12.0 release +1

https://abf.io/build_lists/4956924
https://abf.io/build_lists/4956925
Comment 2 Vladimir Potapov 2024-01-18 08:11:05 MSK
(In reply to Svyatoslav Matveev from comment #1)

> *** xerces-j2
> **  2.12.0 release +1
> 
> https://abf.io/build_lists/4956922
> https://abf.io/build_lists/4956923
*****************************************
The update is sent to testings


> **  rosa2021.15
> *** xerces-j2
> **  2.12.0 release +1
> 
> https://abf.io/build_lists/4956924
> https://abf.io/build_lists/4956925
******************************************
published
Comment 3 Vladimir Potapov 2024-01-23 10:24:50 MSK
xerces-j2-2.12.0-4
https://abf.io/build_lists/4956922
https://abf.io/build_lists/4956923
*************************** Advisory *************************
CVE-2022-23437 fixed via patch
**************************************************************
QA Verified