Bug 29936 - xerces-j2 new security issue CVE-2022-23437
Summary: xerces-j2 new security issue CVE-2022-23437
Status: RESOLVED OLD
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 8
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: Java Stack Maintainers
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-01-24 16:00 CET by David Walser
Modified: 2024-01-12 09:36 CET

See Also:
Source RPM: xerces-j2-2.12.1-2.mga9.src.rpm
CVE:
Status comment: Fixed upstream in 2.12.2


Description David Walser 2022-01-24 16:00:27 CET
An advisory has been issued today (January 24):
https://www.openwall.com/lists/oss-security/2022/01/24/3

The issue is fixed upstream in 2.12.2.

Mageia 8 is also affected.
David Walser 2022-01-24 16:00:39 CET

Status comment: (none) => Fixed upstream in 2.12.2
Whiteboard: (none) => MGA8TOO

Comment 1 David Walser 2022-02-18 18:57:40 CET
SUSE has issued an advisory for this today (February 18):
https://lists.suse.com/pipermail/sle-security-updates/2022-February/010271.html
Comment 2 David Walser 2022-02-21 23:49:23 CET
(In reply to David Walser from comment #1)
> SUSE has issued an advisory for this today (February 18):
> https://lists.suse.com/pipermail/sle-security-updates/2022-February/010271.html

Equivalent openSUSE advisory:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/U7E32672AADOJILNWAAKOTVLBYTBDBKD/
Comment 3 David GEIGER 2023-06-29 20:20:25 CEST
Fixed for Cauldron! We have the 2.12.2 release.

Whiteboard: MGA8TOO => (none)
CC: (none) => geiger.david68210
Version: Cauldron => 8

Comment 4 Nicolas Salguero 2024-01-12 09:36:46 CET
Mageia 8 EOL

CC: (none) => nicolas.salguero
Resolution: (none) => OLD
Status: NEW => RESOLVED

