[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1621-1] c3p0 security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : c3p0
Version        : 0.9.1.2-9+deb8u1
CVE ID         : CVE-2018-20433
Debian Bug     : 917257

A XML External Entity (XXE) vulnerability was discovered in c3p0, a
library for JDBC connection pooling, that may be used to resolve
information outside of the intended sphere of control.

For Debian 8 "Jessie", this problem has been fixed in version
0.9.1.2-9+deb8u1.

We recommend that you upgrade your c3p0 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlwmclxfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeRPWRAAhko0U5JoP8vrPKcqtPFrq5Jb3YpB+0NuVVJNIQ58nKVV17iD855P8XLz
cOcADMtFoWaG/Y0rrc+/JXKjyEyQD7lyWox8G0V5f7Yxqgacz9i25V3PkSed0G15
FQwawqYe0l0/CsPTulJMvQE8Z1HSqQiJ3haVgT3TwjxbYoh6e4hmfWGL+QqxwVTZ
GITXzwAbs73t3kL7ENvIaDFsE4bwejx3UT959cOOFcbQo/QldpkYhPhiX/U6935u
v65GGIMYAHaPgIb5jaP+ozRYK4LmenCuGfYOxGwf/WxPAb236WinxeyljIJwBs85
IF0QxH5o6A3sx+mc89Jn1cCG0vXtfi/WNKQF2jeYTkhPsZhUv3rgxIvjcU10Sfe+
8WIaaDN8xAHn9N9Coh6zm5v2mK8z/0PmF8AD/E0M5m7gqnh6pOrZ56LrH3Bz0q3l
aQOOGP5QERb6JVo4SnToUjHodyWVe9BRRBkTLivn/S8TaVbfP0wTRuVsN1T+PdZx
5U4eZEzrjAItbQLeopTSrq81TPnmN0EOGloLVn9gsudCUqdqD5ZU4ZD6XP46460S
oN2qJ7Q6MmC8uNfaIW4VfOjQVWOhwOQO7rA6sf+nc8ZukX9BmdeJiRX9ok7g57HN
tnzwZt3ojP3kZot3Ue5mo1QOhztTriO2dLxmuGTrO2VhnGRcDKo=
=TacZ
-----END PGP SIGNATURE-----


Reply to: