Bug#893663: freeplane: CVE-2018-1000069 XXE vulnerability
Felix Natter
fnatter at gmx.net
Fri Apr 6 19:40:40 UTC 2018
hello Security Team,
here are the CVE-2018-1000069 security updates for jessie and stretch:
[jessie]
https://anonscm.debian.org/cgit/pkg-java/freeplane.git/log/?h=jessie-CVE-2018-1000069
(jessie-CVE-2018-1000069 branch)
[stretch]
https://anonscm.debian.org/cgit/pkg-java/freeplane.git/log/?h=stretch-CVE-2018-1000069
(stretch-CVE-2018-1000069 branch)
Both are tested:
- builds
- activation log message is seen
- Save and Load XML works
In what format would you like the "tested packages"? *.deb?
Here is the corrsponding upstream commit:
https://github.com/freeplane/freeplane/commit/a5dce7f9f
The debdiffs are attached.
@Markus: Did you already submit the update for wheezy?
Cheers and Best Regards,
--
Felix Natter
debian/rules!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: jessie-CVE-2018-1000069.debdiff
Type: application/octet-stream
Size: 12763 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-java-maintainers/attachments/20180406/9ae3601b/attachment-0002.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: stretch-CVE-2018-100006.debdiff
Type: application/octet-stream
Size: 13630 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-java-maintainers/attachments/20180406/9ae3601b/attachment-0003.obj>
More information about the pkg-java-maintainers
mailing list