All versions of com.puppycrawl.tools:checkstyle before 8.29 are vulnerable to XML External Entity (XXE) Injection due to an incomplete fix for CVE-2019-9658.
CVE: (none) => CVE-2019-10782
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10782
Package dropped in Cauldron.
Source RPM: checkstyle => checkstyle-8.0-3.mga7.src.rpm
Summary: checkstyle security vulnerability CVE-2019-10782 => checkstyle new security issue CVE-2019-10782
Hi, thanks for reporting this. Assigned to the package maintainer. (Please set the status to 'assigned' if you are working on it)
CC: (none) => ouaurelien
Assignee: bugsquad => mageia
Debian-LTS has issued an advisory for this on February 10: https://www.debian.org/lts/security/2020/dla-2099 This was actually filed as Bug 26219 before, but wrongly closed.
Status comment: (none) => Patch available from Debian
Patch checked into Mageia 7. This is Java stuff that isn't really used by anything, so I don't think it's worth pushing an update, but feel free to push to the build system if you disagree.
Status comment: Patch available from Debian => Patch checked into SVN
https://blog.mageia.org/en/2021/06/08/mageia-7-will-reach-end-of-support-on-30th-of-june-the-king-is-dead-long-live-the-king/
Resolution: (none) => OLD
Status: NEW => RESOLVED