Hi Salvatore,
On 17.01.20 at 06:31, Salvatore Bonaccorso wrote:
[...]
> The patch proposed by Red Hat looks straightforward (with my limited
> understanding though), but might have as well potential for regression
> reports, as it is disabling deserialization by default, i.e. only uses
> it if
Hi Markus,
On Fri, Jan 17, 2020 at 01:04:10AM +0100, Markus Koschany wrote:
> Hi,
>
> On 16.01.20 at 21:27, Salvatore Bonaccorso wrote:
> > Source: libxmlrpc3-java
> > Version: 3.1.3-9
> > Severity: grave
> > Tags: security upstream
> > Justification: user security hole
> >
> > Hi,
> >
> >
Hi,
On 16.01.20 at 21:27, Salvatore Bonaccorso wrote:
> Source: libxmlrpc3-java
> Version: 3.1.3-9
> Severity: grave
> Tags: security upstream
> Justification: user security hole
>
> Hi,
>
> The following vulnerability was published for libxmlrpc3-java.
>
> CVE-2019-17570[0]:
> |
Processing control commands:
> owner -1 !
Bug #949089 [src:libxmlrpc3-java] libxmlrpc3-java: CVE-2019-17570:
deserialization of server-side exception from faultCause in XMLRPC error
response
Owner recorded as Markus Koschany .
--
949089:
Control: owner -1 !
More information and proposed patch at
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-17570
Source: libxmlrpc3-java
Version: 3.1.3-9
Severity: grave
Tags: security upstream
Justification: user security hole
Hi,
The following vulnerability was published for libxmlrpc3-java.
CVE-2019-17570[0]:
| Deserialization of server-side exception from faultCause in XMLRPC
| error response
That