[Bugs] [Bug 13335] New: [CVE 21] uimaj 2.8.1 CVEs found

[bugzilla]

https://bugzilla.rosalinux.ru/show_bug.cgi?id=13335

          Platform: 2021.1
            Bug ID: 13335
           Summary: [CVE 21] uimaj 2.8.1  CVEs found
    Classification: ROSA-based products
           Product: ROSA Fresh
           Version: All
          Hardware: All
               URL: CVE-2017-15691,
                OS: Linux
            Status: CONFIRMED
          Severity: normal
          Priority: Normal
         Component: System (kernel, glibc, systemd, bash, PAM...)
          Assignee: bugs на lists.rosalinux.ru
          Reporter: y.tumanov на rosalinux.ru
        QA Contact: bugs на lists.rosalinux.ru
                CC: s.matveev на rosalinux.ru, y.tumanov на rosalinux.ru
  Target Milestone: ---
             Flags: secteam_verified?

Please patch CVEs for package uimaj version 2.8.1

INFO (CVEs are): uimaj 2.8.1
 cves found
CVE-2017-15691
Desc: In Apache uimaj prior to 2.10.2, Apache uimaj 3.0.0-xxx prior to
3.0.0-beta, Apache uima-as prior to 2.10.2, Apache uimaFIT prior to 2.4.0,
Apache uimaDUCC prior to 2.2.2, this vulnerability relates to an XML external
entity expansion (XXE) capability of various XML parsers. UIMA as part of its
configuration and operation may read XML from various sources, which could be
tainted in ways to cause inadvertent disclosure of local files or other
internal content.
Link: https://nvd.nist.gov/vuln/detail/CVE-2017-15691
Severity: MEDIUM

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.
----------- следущая часть -----------
Вложение в формате HTML было извлечено…
URL: <http://lists.rosalinux.ru/pipermail/bugs/attachments/20230503/157b7f11/attachment.html>