https://bugzilla.redhat.com/show_bug.cgi?id=1694857
Bug ID: 1694857
Summary: CVE-2019-9658 checkstyle: Loads external DTDs by default
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Whiteboard: impact=moderate,public=20190311,reported=20190311,source=cve,cvss3=7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N,cwe=CWE-20,fedora-all/checkstyle=affected
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: psampaio(a)redhat.com
CC: dbhole(a)redhat.com, decathorpe(a)gmail.com,
edewata(a)redhat.com, greg.hellings(a)gmail.com,
java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, nsantos(a)redhat.com,
rob.myers(a)gtri.gatech.edu,
stewardship-sig(a)lists.fedoraproject.org
Target Milestone: ---
Classification: Other
Checkstyle before 8.18 loads external DTDs by default.
Upstream issue:
https://github.com/checkstyle/checkstyle/issues/6474
https://github.com/checkstyle/checkstyle/issues/6478
Upstream patch:
https://github.com/checkstyle/checkstyle/pull/6476
References:
https://checkstyle.org/releasenotes.html#Release_8.18