[SECURITY] [DLA 2191-1] dom4j security update



Package        : dom4j
Version        : 1.6.1+dfsg.3-2+deb8u2
CVE ID         : CVE-2020-10683
Debian Bug     : 958055


A flaw was found in the dom4j library. The default SAXReader()
provided by dom4j allows external DTDs and external entities,
resulting in a possible XXE (XML external entity) vulnerability.

For Debian 8 "Jessie", this problem has been fixed in version
1.6.1+dfsg.3-2+deb8u2.

We recommend that you upgrade your dom4j packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Best,
Utkarsh
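
For code that builds its own reader, the following added example (not part of the advisory and not dom4j project code) shows a SAXReader configured to refuse DOCTYPE declarations and external entities. The class name HardenedDom4jReader and the sample documents are constructed for illustration, and it assumes the underlying parser is the JDK's default Xerces-based one, which recognises these feature URIs.

```java
import java.io.StringReader;
import org.dom4j.Document;
import org.dom4j.DocumentException;
import org.dom4j.io.SAXReader;
import org.xml.sax.SAXException;

// Hypothetical class name; added example, not code from dom4j or Debian.
public class HardenedDom4jReader {

    /** Builds a SAXReader that rejects DOCTYPEs and never resolves external entities. */
    static SAXReader hardenedReader() throws SAXException {
        SAXReader reader = new SAXReader();
        // Strictest setting: any document containing a DOCTYPE fails to parse.
        reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth, in case DOCTYPEs must later be allowed again.
        reader.setFeature("http://xml.org/sax/features/external-general-entities", false);
        reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        reader.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        return reader;
    }

    /** Returns true if the hardened reader accepts the document, false if it rejects it. */
    static boolean accepts(String xml) throws SAXException {
        try {
            Document doc = hardenedReader().read(new StringReader(xml));
            return doc.getRootElement() != null;
        } catch (DocumentException e) {
            // dom4j wraps the parser's SAXParseException in a DocumentException.
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: ordinary document with no DOCTYPE.
        String plain = "<order><note>ok</note></order>";
        // Constructed sample: declares an external entity with a placeholder URI.
        String withDoctype = "<?xml version=\"1.0\"?>\n"
            + "<!DOCTYPE order [<!ENTITY ext SYSTEM \"file:///constructed/placeholder\">]>\n"
            + "<order><note>&ext;</note></order>";

        System.out.println("plain document accepted:   " + accepts(plain));
        System.out.println("DOCTYPE document accepted: " + accepts(withDoctype));
    }
}
```

With these features set, the first document parses and the second is rejected before any entity is resolved.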