Your message dated Tue, 3 Aug 2021 11:15:57 +0200
with message-id <[email protected]>
and subject line Accepted libjdom1-java 1.1.3-2.1 (source) into unstable
has caused the Debian Bug report #990672,
regarding libjdom1-java: CVE-2021-33813
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
990672: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990672
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libjdom2-java
Version: 2.0.6-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/hunterhacker/jdom/pull/188
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: clone -1 -2
Control: reassign -2 src:libjdom1-java 1.1.3-2
Control: found -1 2.0.6-1
Control: found -2 1.1.3-2

Hi,

The following vulnerability was published for libjdom2-java.

CVE-2021-33813[0]:
| An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to
| cause a denial of service via a crafted HTTP request.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-33813
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33813
[1] https://github.com/hunterhacker/jdom/pull/188
[2] https://alephsecurity.com/vulns/aleph-2021003

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libjdom1-java
Source-Version: 1.1.3-2.1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 04 Jul 2021 14:14:56 +0530
Source: libjdom1-java
Architecture: source
Version: 1.1.3-2.1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers <[email protected]>
Changed-By: Utkarsh Gupta <[email protected]>
Changes:
 libjdom1-java (1.1.3-2.1) unstable; urgency=medium
 .
   * Non-maintainer upload by the LTS team.
   * Add patch to fix setFeature bug and add test case.
     (Fixes: CVE-2021-33813)
Checksums-Sha1:
 605a6e9795790631b328a069702eb213e02781be 2238 libjdom1-java_1.1.3-2.1.dsc
 f3571d1c199f20db82129ac448efd89590313e4b 332793 libjdom1-java_1.1.3.orig.tar.gz
 3be941d0bf70ee3a90ced51af8a08704d38d217f 7832 libjdom1-java_1.1.3-2.1.debian.tar.xz
 7ac00844c2b945d3c13c1ca637e62b6730e55a29 6071 libjdom1-java_1.1.3-2.1_source.buildinfo
Checksums-Sha256:
 22c8c24ccf6d3428e107d301b8dd46d57431708da4756246695abf813d9f1d6e 2238 libjdom1-java_1.1.3-2.1.dsc
 1be1cf58a959b0feff7e560f305d808d1b36ee1961e3a304188d34622497e02e 332793 libjdom1-java_1.1.3.orig.tar.gz
 eb03f0c1e3c1e9abf01bfd25b7a2668094eae10412e52ebdeb5c346387f73338 7832 libjdom1-java_1.1.3-2.1.debian.tar.xz
 d49745d14f4c39a9091b5980f52e679527decf043d2cb028f500917532756a56 6071 libjdom1-java_1.1.3-2.1_source.buildinfo
Files:
 c7e9e5bc40d1eb4472c5dd5f22e3153e 2238 java optional libjdom1-java_1.1.3-2.1.dsc
 6e7c6d71cba824c3fdc4509e2183b346 332793 java optional libjdom1-java_1.1.3.orig.tar.gz
 dbe2c5255914cb464b259cc89cd75d0d 7832 java optional libjdom1-java_1.1.3-2.1.debian.tar.xz
 810ab9508660dbafc0a37af1897dd334 6071 java optional libjdom1-java_1.1.3-2.1_source.buildinfo


--- End Message ---
__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
Please use [email protected] for discussions and questions.