Bug#893663: freeplane: CVE-2018-1000069 XXE vulnerability

Markus Koschany apo at debian.org
Sat Mar 24 13:12:15 UTC 2018



On 24.03.2018 at 11:32, Felix Natter wrote:
[...]

> Since I am hiking this weekend, would it be possible to do this as the
> first thing on the Easter weekend (next Friday)? I also need to fix the
> knopflerfish RC bug (#893221), I will look into that this morning.
> 
> BTW: I *think* the patch should apply without major problems (the XML
> persistence hasn't changed much). But on the ant build systems (< 1.5)
> the sources are in <bundle>/src/** instead of <bundle>/src/main/java/**,
> so you can apply there with -p4 or something (and ignore the unmatched part
> for freeplane_plugin_script [1]). That part ([1]) can be applied
> manually.
> I will check out the respective tag (debian/1.3.12-1, debian/1.5.18-1),
> create a branch from there ("jessie-security1", "stretch-security1"),
> import the patch, create a new changelog entry (will read about that)
> and test, ok?
> 
> [1] freeplane_plugin_script/src/main/java/org/freeplane/plugin/script/ScriptingRegistration.java
> 
> Cheers and Best Regards,

That's absolutely fine with me. Have a nice weekend!

Cheers,

Markus
