[Bugs] [Bug 13270] [CVE 21] log4net 1.2.15 CVEs found

bugzilla bugzilla at rosalinux.ru
Thu May 4 12:40:50 MSK 2023


https://bugzilla.rosalinux.ru/show_bug.cgi?id=13270

Svyatoslav Matveev <s.matveev at rosalinux.ru> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|CONFIRMED                   |RESOLVED
         Resolution|---                         |FIXED

--- Comment #1 from Svyatoslav Matveev <s.matveev at rosalinux.ru> ---

(In reply to Yury from comment #0)
> Please patch CVEs for package log4net version 1.2.15
>   
> INFO (CVEs are): log4net 1.2.15
>  cves found
> CVE-2018-1285
> Desc: Apache log4net versions before 2.0.10 do not disable XML external
> entities when parsing log4net configuration files. This allows for XXE-based
> attacks in applications that accept attacker-controlled log4net
> configuration files.
> Link: https://nvd.nist.gov/vuln/detail/CVE-2018-1285
> Severity: CRITICAL

The vulnerability has been fixed with a patch.
This project is not subject to QA verification because
it resides in the contrib repository.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.