Bug 29936

Summary: xerces-j2 new security issue CVE-2022-23437
Product: Mageia
Reporter: David Walser <luigiwalser>
Component: Security
Assignee: Java Stack Maintainers <java>
Status: RESOLVED OLD
QA Contact: Sec team <security>
Severity: critical
Priority: Normal
CC: geiger.david68210, nicolas.salguero
Version: 8
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard:
Source RPM: xerces-j2-2.12.1-2.mga9.src.rpm
CVE:
Status comment: Fixed upstream in 2.12.2

Description David Walser 2022-01-24 16:00:27 CET
An advisory has been issued today (January 24):
https://www.openwall.com/lists/oss-security/2022/01/24/3

The issue is fixed upstream in 2.12.2.

Mageia 8 is also affected.

David Walser 2022-01-24 16:00:39 CET

Status comment: (none) => Fixed upstream in 2.12.2
Whiteboard: (none) => MGA8TOO

Comment 1 David Walser 2022-02-18 18:57:40 CET
SUSE has issued an advisory for this today (February 18):
https://lists.suse.com/pipermail/sle-security-updates/2022-February/010271.html

Comment 2 David Walser 2022-02-21 23:49:23 CET
(In reply to David Walser from comment #1)
> SUSE has issued an advisory for this today (February 18):
> https://lists.suse.com/pipermail/sle-security-updates/2022-February/010271.html

Equivalent openSUSE advisory:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/U7E32672AADOJILNWAAKOTVLBYTBDBKD/

Comment 3 David GEIGER 2023-06-29 20:20:25 CEST
Fixed for Cauldron! We have the 2.12.2 release.

Whiteboard: MGA8TOO => (none)
CC: (none) => geiger.david68210
Version: Cauldron => 8

Comment 4 Nicolas Salguero 2024-01-12 09:36:46 CET
Mageia 8 EOL

CC: (none) => nicolas.salguero
Resolution: (none) => OLD
Status: NEW => RESOLVED