Bug 28090

Summary:	xmlbeans new security issue CVE-2021-23926
Product:	Mageia	Reporter:	David Walser <luigiwalser>
Component:	Security	Assignee:	Java Stack Maintainers <java>
Status:	RESOLVED OLD	QA Contact:	Sec team <security>
Severity:	normal
Priority:	Normal
Version:	7
Target Milestone:	---
Hardware:	All
OS:	Linux
Whiteboard:
Source RPM:	xmlbeans-2.6.0-14.mga7.src.rpm	CVE:
Status comment:	Fixed upstream in 3.0.0

Description David Walser 2021-01-13 20:31:58 CET

Apache has issued an advisory today (January 13):
https://www.openwall.com/lists/oss-security/2021/01/13/6

The issue is fixed upstream in 3.0.0.

David Walser 2021-01-13 20:32:12 CET

Status comment: (none) => Fixed upstream in 3.0.0

Comment 1 David Walser 2021-06-29 18:41:28 CEST

Debian-LTS has issued an advisory for this on June 28:
https://www.debian.org/lts/security/2021/dla-2693

Comment 2 David Walser 2021-07-01 18:28:51 CEST

https://blog.mageia.org/en/2021/06/08/mageia-7-will-reach-end-of-support-on-30th-of-june-the-king-is-dead-long-live-the-king/

Resolution: (none) => OLD
Status: NEW => RESOLVED