Your message dated Wed, 06 May 2026 07:33:33 +0000
with message-id <[email protected]>
and subject line Bug#1135782: fixed in apache-opennlp 2.5.9-1
has caused the Debian Bug report #1135782,
regarding apache-opennlp: CVE-2026-40682 CVE-2026-42027 CVE-2026-42440
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1135782: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135782
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: apache-opennlp
Version: 2.5.3-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerabilities were published for apache-opennlp.

CVE-2026-40682[0]:
| XML External Entity (XXE) via Unsanitized Dictionary Parsing in
| Apache OpenNLP DictionaryEntryPersistor
|
| Versions Affected: before 2.5.9, before 3.0.0-M3
|
| Description: The DictionaryEntryPersistor class initializes a static
| SAXParserFactory at class-load time without enabling
| FEATURE_SECURE_PROCESSING or disabling DTD processing. When
| create(InputStream, EntryInserter) is invoked, the only feature set on
| the XMLReader is namespace support — external entity resolution and
| DOCTYPE declarations remain fully enabled. An attacker who can supply a
| crafted dictionary file (e.g., a stop-word list or domain dictionary)
| containing a malicious DOCTYPE declaration can trigger local file
| disclosure via file:// entity references or server-side request
| forgery via http:// entity references during SAX parsing, before the
| application processes a single dictionary entry. This is inconsistent
| with the project's own XmlUtil.createSaxParser() helper, which
| correctly sets FEATURE_SECURE_PROCESSING and disallow-doctype-decl and
| is used by all other XML parsing paths in the codebase. The public
| Dictionary(InputStream) constructor delegates directly to this method
| and is the documented API for loading user-supplied dictionaries,
| making untrusted input a realistic scenario.
|
| Mitigation: 2.x users should upgrade to 2.5.9. 3.x users should
| upgrade to 3.0.0-M3. Users who cannot upgrade immediately should
| ensure that all dictionary files are sourced from trusted origins and
| should consider wrapping the Dictionary(InputStream) constructor with
| input validation that rejects any XML containing a DOCTYPE declaration
| before it reaches the parser.


CVE-2026-42027[1]:
| Arbitrary Class Instantiation via Model Manifest in Apache OpenNLP
| ExtensionLoader
|
| Versions Affected: before 2.5.9, before 3.0.0-M3
|
| Description: The ExtensionLoader.instantiateExtension(Class, String)
| method loads a class by its fully-qualified name via Class.forName()
| and invokes its no-arg constructor, with the class name sourced from
| the manifest.properties entry of a model archive. The existing
| isAssignableFrom check correctly rejects classes that are not subtypes
| of the expected extension interface (BaseToolFactory for factory=,
| ArtifactSerializer for serializer-class-*), but the check runs after
| Class.forName() has already loaded and initialized the named class.
|
| Class.forName() with default initialization semantics executes the
| target class's static initializer before returning, so an attacker who
| can supply a crafted model archive can cause the static initializer of
| any class on the classpath to run during model loading, regardless of
| whether that class passes the subsequent type check.
|
| Exploitation requires a class with attacker-useful side effects in its
| static initializer (for example, JNDI lookup, outbound network I/O, or
| filesystem access) to be present on the classpath, so this is not a
| drop-in remote code execution; however, the attack surface grows as
| third-party model distribution becomes more common (community model
| repositories, Hugging Face-style sharing), where users routinely load
| model files from origins they do not control. A secondary, narrower
| vector affects deployments that ship legitimate BaseToolFactory or
| ArtifactSerializer subclasses with side-effecting no-arg constructors:
| a malicious manifest can name such a class and force its constructor
| to run during model load.
|
| Mitigation:
|   * 2.x users should upgrade to 2.5.9.
|   * 3.x users should upgrade to 3.0.0-M3.
|
| Note: The fix introduces a package-prefix allowlist that is consulted
| before Class.forName() is invoked, so the static initializer of a
| disallowed class is never executed. Classes under the opennlp. prefix
| remain permitted by default. Deployments that load models referencing
| factories or serializers outside opennlp.* must opt those packages in,
| either programmatically via ExtensionLoader.registerAllowedPackage(String)
| before the first model load, or by setting the
| OPENNLP_EXT_ALLOWED_PACKAGES system property to a comma-separated list
| of allowed package prefixes. Users who cannot upgrade immediately
| should ensure that all model files are sourced from trusted origins
| and should audit their classpath for classes with side-effecting
| static initializers or constructors, particularly any that perform
| JNDI lookups, network requests, or filesystem operations during class
| initialization.


CVE-2026-42440[2]:
| OOM Denial of Service via Unbounded Array Allocation in Apache OpenNLP
| AbstractModelReader
|
| Versions Affected: before 2.5.9, before 3.0.0-M3
|
| Description: The AbstractModelReader methods getOutcomes(),
| getOutcomePatterns(), and getPredicates() each read a 32-bit signed
| integer count field from a binary model stream and pass that value
| directly to an array allocation (new String[numOutcomes],
| new int[numOCTypes][], new String[NUM_PREDS]) without validating that
| the value is non-negative or within a reasonable bound. The count is
| therefore fully attacker-controlled when the model file originates
| from an untrusted source.
|
| A crafted .bin model file in which any of these count fields is set to
| Integer.MAX_VALUE (or any value large enough to exhaust the available
| heap) triggers an OutOfMemoryError at the array allocation itself,
| before the corresponding label or pattern data is consumed from the
| stream. The error occurs very early in deserialization: for a GIS
| model, getOutcomes() is reached after only the model-type string, the
| correction constant, and the correction parameter have been read; so
| the attacker pays no meaningful size cost to weaponize a payload, and
| a single small file can crash a JVM that loads it. Any code path that
| deserializes a .bin model is affected, including direct use of
| GenericModelReader and any higher-level component that delegates to it
| during model load.
|
| The practical impact is denial of service against processes that load
| model files from untrusted or semi-trusted origins.
|
| Mitigation:
|   * 2.x users should upgrade to 2.5.9.
|   * 3.x users should upgrade to 3.0.0-M3.
|
| Note: The fix introduces an upper bound on each of the three count
| fields, checked before array allocation; counts that are negative or
| exceed the bound cause an IllegalArgumentException to be thrown and
| the read to fail fast with no large allocation. The default bound is
| 10,000,000, which is well above the entry counts of legitimate OpenNLP
| models but far below any value that would threaten heap exhaustion.
| Deployments that legitimately need to load models with more entries
| than the default can raise the limit at JVM startup by setting the
| OPENNLP_MAX_ENTRIES system property to the desired positive integer
| (e.g. -DOPENNLP_MAX_ENTRIES=50000000); invalid or non-positive values
| fall back to the default.
|
| Users who cannot upgrade immediately should treat all .bin model files
| as untrusted input unless their provenance is verified, and should
| avoid loading models supplied by end users or fetched from third-party
| repositories without integrity checks.


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-40682
    https://www.cve.org/CVERecord?id=CVE-2026-40682
[1] https://security-tracker.debian.org/tracker/CVE-2026-42027
    https://www.cve.org/CVERecord?id=CVE-2026-42027
[2] https://security-tracker.debian.org/tracker/CVE-2026-42440
    https://www.cve.org/CVERecord?id=CVE-2026-42440

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
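The CVE-2026-40682 text above contrasts a SAXParserFactory that only enables namespace support with the project's own hardened helper, and suggests a DOCTYPE-rejecting wrapper as an interim mitigation. The following is an added example, not code from the OpenNLP project or from the bug report: it shows the weak configuration next to a hardened one and a stop-gap pre-check in the spirit of the advisory's advice. The class and method names (SafeDictionaryParsing, weakReader, hardenedReader, rejectDoctype) are illustrative, and the two XML inputs are constructed for the demo.

```java
// Added example, not OpenNLP project code. Names are illustrative.
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.XMLReader;
import org.xml.sax.helpers.DefaultHandler;

public class SafeDictionaryParsing {

    /** The configuration the advisory describes: only namespace support is set,
        so DOCTYPE declarations and external entity resolution stay enabled.
        Kept here for contrast only; do not use. */
    static XMLReader weakReader() throws ParserConfigurationException, SAXException {
        XMLReader r = SAXParserFactory.newInstance().newSAXParser().getXMLReader();
        r.setFeature("http://xml.org/sax/features/namespaces", true);
        return r;
    }

    /** Hardened: secure processing on, DOCTYPE refused outright, external entities
        and XInclude off. Refusing the DOCTYPE alone already prevents file:// and
        http:// entity references from being declared at all. */
    static XMLReader hardenedReader() throws ParserConfigurationException, SAXException {
        SAXParserFactory f = SAXParserFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setXIncludeAware(false);
        XMLReader r = f.newSAXParser().getXMLReader();
        r.setFeature("http://xml.org/sax/features/namespaces", true);
        return r;
    }

    /** Stop-gap for callers who cannot upgrade: buffer the dictionary and refuse it
        if it carries a DOCTYPE, before it ever reaches Dictionary(InputStream). */
    static InputStream rejectDoctype(InputStream in) throws IOException {
        byte[] bytes = in.readAllBytes();
        String text = new String(bytes, StandardCharsets.UTF_8);
        if (text.toUpperCase().contains("<!DOCTYPE")) {
            throw new IOException("dictionary XML contains a DOCTYPE declaration; refusing to parse it");
        }
        return new ByteArrayInputStream(bytes);
    }

    static void parse(XMLReader r, String xml) throws IOException, SAXException {
        r.setContentHandler(new DefaultHandler());
        r.parse(new InputSource(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8))));
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs: a plain dictionary and one carrying an entity-free
        // DOCTYPE, which is enough to show that both checks refuse any DOCTYPE.
        String plain = "<?xml version=\"1.0\"?><dictionary/>";
        String withDoctype = "<?xml version=\"1.0\"?><!DOCTYPE dictionary><dictionary/>";

        XMLReader r = hardenedReader();
        parse(r, plain);
        System.out.println("plain dictionary parsed");
        try {
            parse(r, withDoctype);
        } catch (SAXException e) {
            System.out.println("hardened parser refused: " + e.getMessage());
        }
        try {
            rejectDoctype(new ByteArrayInputStream(withDoctype.getBytes(StandardCharsets.UTF_8)));
        } catch (IOException e) {
            System.out.println("pre-check refused: " + e.getMessage());
        }
    }
}
```

Two caveats a practitioner would want. First, the parser-level features are the actual control; hardenedReader() is the configuration the advisory says XmlUtil.createSaxParser() already applies, and upgrading to 2.5.9 or 3.0.0-M3 is what restores that on the dictionary path. Second, the rejectDoctype() string scan only sees ASCII-compatible encodings; a dictionary in UTF-16 would slip past it, so treat the pre-check as a temporary guard around an unpatched parser, not as a replacement for fixing the parser.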
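CVE-2026-42027 turns on ordering: Class.forName() initializes the named class before the isAssignableFrom check gets a chance to reject it. The fix the advisory describes consults a package-prefix allowlist first. The following is an added example, not OpenNLP code: a loader in that shape that additionally loads the class with initialization deferred, so even an allowed class is only initialized once it has passed the type check. GuardedExtensionLoader, ToolFactory, NotAFactory and GoodFactory are constructed stand-ins; the property and method names mirror the ones named in the advisory but this is not the project's implementation.

```java
// Added example, not OpenNLP project code. Names are constructed stand-ins.
import java.util.List;
import java.util.Set;
import java.util.concurrent.CopyOnWriteArraySet;

public class GuardedExtensionLoader {

    // Default allowlist as the advisory describes it: the opennlp. prefix only.
    // The trailing separator matters; "opennlp" alone would also match "opennlpx.Foo".
    private static final Set<String> ALLOWED = new CopyOnWriteArraySet<>(List.of("opennlp."));

    static {
        // Same shape as the OPENNLP_EXT_ALLOWED_PACKAGES property in the advisory:
        // a comma-separated list of additional prefixes, read once at startup.
        String extra = System.getProperty("OPENNLP_EXT_ALLOWED_PACKAGES");
        if (extra != null) {
            for (String p : extra.split(",")) {
                if (!p.isBlank()) ALLOWED.add(p.trim());
            }
        }
    }

    /** Programmatic opt-in, to be called before the first model load. */
    static void registerAllowedPackage(String prefix) { ALLOWED.add(prefix); }

    static boolean isAllowed(String className) {
        for (String p : ALLOWED) {
            if (className.startsWith(p)) return true;
        }
        return false;
    }

    /** Allowlist first, then load WITHOUT initializing, then type-check, and only
        then let the static initializer and the no-arg constructor run. */
    static <T> T instantiateExtension(Class<T> expected, String className) {
        if (!isAllowed(className)) {
            throw new IllegalArgumentException("extension class not in an allowed package: " + className);
        }
        try {
            // initialize=false: the class is loaded and linked, but <clinit> does not run yet.
            Class<?> c = Class.forName(className, false, GuardedExtensionLoader.class.getClassLoader());
            if (!expected.isAssignableFrom(c)) {
                throw new IllegalArgumentException(className + " is not a " + expected.getName());
            }
            // Only a class of the expected type is initialized and constructed.
            return expected.cast(c.getDeclaredConstructor().newInstance());
        } catch (ReflectiveOperationException e) {
            throw new IllegalArgumentException("cannot instantiate extension " + className, e);
        }
    }

    /** Stand-in for the BaseToolFactory / ArtifactSerializer role. */
    public interface ToolFactory { String name(); }

    /** Stand-in for an unrelated classpath class whose static initializer has side effects. */
    public static class NotAFactory {
        static { System.out.println("NotAFactory.<clinit> ran (this must not happen)"); }
    }

    public static class GoodFactory implements ToolFactory {
        public GoodFactory() {}
        public String name() { return "good"; }
    }

    public static void main(String[] args) {
        // Class literals do not trigger initialization, so these are just names.
        String unrelated = NotAFactory.class.getName();   // "GuardedExtensionLoader$NotAFactory"
        String legit = GoodFactory.class.getName();

        try { instantiateExtension(ToolFactory.class, unrelated); }
        catch (IllegalArgumentException e) { System.out.println("refused by allowlist: " + e.getMessage()); }

        // Opt this demo's own classes in, as a deployment would for its own factories.
        registerAllowedPackage("GuardedExtensionLoader$");

        try { instantiateExtension(ToolFactory.class, unrelated); }
        catch (IllegalArgumentException e) { System.out.println("refused by type check: " + e.getMessage()); }

        System.out.println("loaded: " + instantiateExtension(ToolFactory.class, legit).name());
    }
}
```

The second refusal is the point: after the prefix is opted in, the unrelated class passes the allowlist but is rejected by the type check, and because it was loaded with initialize=false its static initializer still never prints. The allowlist remains necessary for the narrower vector the advisory mentions, where a legitimate subclass has a side-effecting constructor that the type check would accept.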
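CVE-2026-42440 is a plain untrusted-length bug: a 32-bit count read from the model stream goes straight into new String[n]. The advisory describes the fix as a bound checked before allocation, with a default of 10,000,000 and an OPENNLP_MAX_ENTRIES override. The following is an added example, not the project's AbstractModelReader: it shows the unbounded read beside a bounded one, mirrors the property semantics the advisory describes, and feeds both a well-formed and a hostile constructed outcomes section. BoundedModelReader and its methods are illustrative names.

```java
// Added example, not OpenNLP project code. Names are illustrative; the
// OPENNLP_MAX_ENTRIES handling mirrors the semantics stated in the advisory.
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;

public class BoundedModelReader {

    static final int DEFAULT_MAX_ENTRIES = 10_000_000;
    static final int MAX_ENTRIES = resolveMaxEntries();

    /** Positive integer from the property, otherwise the default (invalid or
        non-positive values fall back, as the advisory describes). */
    static int resolveMaxEntries() {
        String v = System.getProperty("OPENNLP_MAX_ENTRIES");
        if (v == null) return DEFAULT_MAX_ENTRIES;
        try {
            int n = Integer.parseInt(v.trim());
            return n > 0 ? n : DEFAULT_MAX_ENTRIES;
        } catch (NumberFormatException e) {
            return DEFAULT_MAX_ENTRIES;
        }
    }

    /** Read a count field and validate it before any allocation depends on it. */
    static int readCount(DataInputStream in, String field) throws IOException {
        int n = in.readInt();
        if (n < 0 || n > MAX_ENTRIES) {
            throw new IllegalArgumentException(field + " count " + n + " outside [0, " + MAX_ENTRIES + "]");
        }
        return n;
    }

    /** The pre-fix shape the advisory describes: the count goes straight to the
        allocation. Kept for contrast only; a hostile count throws OutOfMemoryError
        (or NegativeArraySizeException) here, before any label is read. */
    static String[] readOutcomesUnbounded(DataInputStream in) throws IOException {
        int n = in.readInt();
        String[] out = new String[n];
        for (int i = 0; i < n; i++) out[i] = in.readUTF();
        return out;
    }

    /** Bounded variant: fail fast with no large allocation. */
    static String[] readOutcomes(DataInputStream in) throws IOException {
        int n = readCount(in, "outcomes");
        String[] out = new String[n];
        for (int i = 0; i < n; i++) out[i] = in.readUTF();   // readUTF is itself 16-bit length-prefixed
        return out;
    }

    /** Constructed test fixture: an outcomes section with an explicit count field. */
    static byte[] encode(int count, String... labels) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        DataOutputStream dos = new DataOutputStream(bos);
        dos.writeInt(count);
        for (String s : labels) dos.writeUTF(s);
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        byte[] wellFormed = encode(2, "yes", "no");
        byte[] hostile = encode(Integer.MAX_VALUE);   // four bytes of count, nothing behind it

        String[] outcomes = readOutcomes(new DataInputStream(new ByteArrayInputStream(wellFormed)));
        System.out.println("read " + outcomes.length + " outcomes, second = " + outcomes[1]);
        try {
            readOutcomes(new DataInputStream(new ByteArrayInputStream(hostile)));
        } catch (IllegalArgumentException e) {
            System.out.println("rejected before allocation: " + e.getMessage());
        }
    }
}
```

Note what the bound does and does not do: a count just under the limit with a truncated stream still allocates the reference array (tens of megabytes at 10,000,000 entries) and then fails with EOFException on the first missing label, which is the fail-fast behaviour the advisory describes, not a zero-cost one. The property accepts any positive integer, so in this mirror of the semantics a deployment that knows its models are small can set it lower as well as higher.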
--- Begin Message ---
Source: apache-opennlp
Source-Version: 2.5.9-1
Done: Andrius Merkys <[email protected]>

We believe that the bug you reported is fixed in the latest version of
apache-opennlp, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andrius Merkys <[email protected]> (supplier of updated apache-opennlp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 06 May 2026 03:08:06 -0400
Source: apache-opennlp
Architecture: source
Version: 2.5.9-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Science Maintainers <[email protected]>
Changed-By: Andrius Merkys <[email protected]>
Closes: 1135782
Changes:
 apache-opennlp (2.5.9-1) unstable; urgency=medium
 .
   * New upstream version 2.5.9 (Closes: #1135782)
     [CVE-2026-40682, CVE-2026-42027, CVE-2026-42440]
Checksums-Sha1:
 02f977f61af98b92c4f35f6db9204b683986e1ac 2702 apache-opennlp_2.5.9-1.dsc
 e1758677910a2e97a4dcf903304be317b8f8d2df 2812321 apache-opennlp_2.5.9.orig.tar.gz
 6fdcbd8fee6fc57e80d84d161644169513324496 870 apache-opennlp_2.5.9.orig.tar.gz.asc
 047e38d8294dcbc4eff632be217577edfe6dccfe 36940 apache-opennlp_2.5.9-1.debian.tar.xz
 22e3a5095478374b82d03614f862f95e70078258 5554 apache-opennlp_2.5.9-1_source.buildinfo
Checksums-Sha256:
 a3bc447cc160d366ca7bed82022c653598f50a5a018318d22dbd05b481eb9083 2702 apache-opennlp_2.5.9-1.dsc
 f69625d51db4468ae7850482140da64160726499b66d1521bdf8a503d5d66896 2812321 apache-opennlp_2.5.9.orig.tar.gz
 0bcd2b5d0cccf50cdf19e52796e4a56e19401eb110d62cd766c2814f39aaec81 870 apache-opennlp_2.5.9.orig.tar.gz.asc
 0162d80f308a8992a80dcad8beea03ae2bea18ddbef55f8efc157864ee8ccee2 36940 apache-opennlp_2.5.9-1.debian.tar.xz
 7962e0999a79ec0a0e40f7e54306829bd0260e7a5a5def4e33649ff911fba4d7 5554 apache-opennlp_2.5.9-1_source.buildinfo
Files:
 20d1ef7e0e29dc55e760b67ed51a1e9d 2702 java optional apache-opennlp_2.5.9-1.dsc
 da617d20b6675b529c9e1c07061a4d8a 2812321 java optional apache-opennlp_2.5.9.orig.tar.gz
 1aa1077363b35d74812bb3a386fc4e48 870 java optional apache-opennlp_2.5.9.orig.tar.gz.asc
 479b2942447fadd3373163c524569bd5 36940 java optional apache-opennlp_2.5.9-1.debian.tar.xz
 6a2e1bf8f98cf556c74371cf1ba8d9fd 5554 java optional apache-opennlp_2.5.9-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

Attachment: pgpUK9N1K0sQs.pgp
Description: PGP signature


--- End Message ---
-- 
debian-science-maintainers mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-science-maintainers