[Bug 1321789] New: CVE-2016-3674 XStream: enabled processing of external entities - java-sig-commits - Fedora Mailing-Lists

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

December

[Bug 1321789] New: CVE-2016-3674 XStream: enabled processing of external entities

[Bug 1341852] New:...

[Bug 1321792] New: CVE-2016-3674...

Red Hat Bugzilla

Tuesday, 29 March 2016 Tue, 29 Mar '16

2:29 a.m.

https://bugzilla.redhat.com/show_bug.cgi?id=1321789 Bug ID: 1321789 Summary: CVE-2016-3674 XStream: enabled processing of external entities Product: Security Response Component: vulnerability Keywords: Security Severity: high Priority: high Assignee: security-response-team(a)redhat.com Reporter: anemec(a)redhat.com CC: abhgupta(a)redhat.com, aileenc(a)redhat.com, alazarot(a)redhat.com, alonbl(a)redhat.com, bdawidow(a)redhat.com, bkearney(a)redhat.com, bmcclain(a)redhat.com, brms-jira(a)redhat.com, chazlett(a)redhat.com, cpelland(a)redhat.com, dblechte(a)redhat.com, dmcphers(a)redhat.com, eedri(a)redhat.com, epp-bugs(a)redhat.com, etirelli(a)redhat.com, gklein(a)redhat.com, gvarsami(a)redhat.com, hfnukal(a)redhat.com, java-maint(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, jbpapp-maint(a)redhat.com, jcoleman(a)redhat.com, jdg-bugs(a)redhat.com, jialiu(a)redhat.com, jokerman(a)redhat.com, jorton(a)redhat.com, jpallich(a)redhat.com, kconner(a)redhat.com, kseifried(a)redhat.com, ldimaggi(a)redhat.com, lmeyer(a)redhat.com, lpetrovi(a)redhat.com, lsurette(a)redhat.com, mbaluch(a)redhat.com, mgoldboi(a)redhat.com, michal.skrivanek(a)redhat.com, mizdebsk(a)redhat.com, mmaslano(a)redhat.com, mmccomas(a)redhat.com, mmccune(a)redhat.com, msimacek(a)redhat.com, msrb(a)redhat.com, mweiler(a)redhat.com, mwinkler(a)redhat.com, nwallace(a)redhat.com, ohadlevy(a)redhat.com, pavelp(a)redhat.com, rbalakri(a)redhat.com, Rhev-m-bugs(a)redhat.com, rrajasek(a)redhat.com, rwagner(a)redhat.com, rzhang(a)redhat.com, satellite6-bugs(a)redhat.com, sherold(a)redhat.com, soa-p-jira(a)post-office.corp.redhat.com, tcunning(a)redhat.com, theute(a)redhat.com, tiwillia(a)redhat.com, tjay(a)redhat.com, tkirby(a)redhat.com, tlestach(a)redhat.com, ttarrant(a)redhat.com, ydary(a)redhat.com, yeylon(a)redhat.com, ykaul(a)redhat.com XStream (x-stream.github.io) is a Java library to marshal Java objects into XML and back. For this purpose it supports a lot of different XML parsers. Some of those can also process external entities which was enabled by default. An attacker could therefore provide manipulated XML as input to access data on the file system, see https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Show replies by date

Red Hat Bugzilla

Tuesday, 29 March Tue, 29 Mar

2:30 a.m.

New subject: [Bug 1321789] CVE-2016-3674 XStream: enabled processing of external entities

https://bugzilla.redhat.com/show_bug.cgi?id=1321789 Andrej Nemec <anemec(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1321791 Depends On| |1321792 --- Comment #1 from Andrej Nemec <anemec(a)redhat.com> --- Created jenkins-xstream tracking bugs for this issue: Affects: fedora-all [bug 1321792] Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1321791 [Bug 1321791] CVE-2016-3674 XStream: enabled processing of external entities [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1321792 [Bug 1321792] CVE-2016-3674 jenkins-xstream: XStream: enabled processing of external entities [fedora-all] -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Red Hat Bugzilla

2:30 a.m.

New subject: [Bug 1321789] CVE-2016-3674 XStream: enabled processing of external entities

https://bugzilla.redhat.com/show_bug.cgi?id=1321789 --- Comment #2 from Andrej Nemec <anemec(a)redhat.com> --- Created xstream tracking bugs for this issue: Affects: fedora-all [bug 1321791] -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Red Hat Bugzilla

2:32 a.m.

New subject: [Bug 1321789] CVE-2016-3674 XStream: enabled processing of external entities

https://bugzilla.redhat.com/show_bug.cgi?id=1321789 Andrej Nemec <anemec(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|impact=important,public=201 |impact=important,public=201 |60315,reported=20160325,sou |60315,reported=20160325,sou |rce=oss-security,cvss2=6.8/ |rce=oss-security,cvss2=6.8/ |AV:N/AC:M/Au:N/C:P/I:P/A:P, |AV:N/AC:M/Au:N/C:P/I:P/A:P, |cwe=CWE-348,rhel-7/xstream= |cwe=CWE-348,rhel-7/xstream= |affected,amq-6.2.1/xstream= |affected,amq-6.2.1/xstream= |affected,brms-5/xstream=aff |affected,brms-5/xstream=aff |ected,jpp-6/xstream=affecte |ected,jpp-6/xstream=affecte |d,soap-5/xstream=affected,o |d,soap-5/xstream=affected,o |penshift-enterprise-2/xstre |penshift-enterprise-2/xstre |am=affected,rhev-m-3/jasper |am=affected,rhev-m-3/jasper |reports-server-pro=affected |reports-server-pro=affected |,jdg-6/xstream=affected,brm |,jdg-6/xstream=affected,brm |s-6/xstream=affected,bpms-6 |s-6/xstream=affected,bpms-6 |/xstream=affected,fsw-6/xst |/xstream=affected,fsw-6/xst |ream=affected,fedora-all/xs |ream=affected,fedora-all/xs |tream=affected,fedora-all/j |tream=affected,fedora-all/j |enkins-xstream=affected,rhn |enkins-xstream=affected,rhn |_satellite_6/xstream=affect |_satellite_6/xstream=affect |ed,rhscl-2/xstream=affected |ed,rhscl-2/maven30-xstream= | |affected -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Red Hat Bugzilla

2:33 a.m.

New subject: [Bug 1321789] CVE-2016-3674 XStream: enabled processing of external entities

https://bugzilla.redhat.com/show_bug.cgi?id=1321789 Andrej Nemec <anemec(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |1321793 -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Red Hat Bugzilla

7:08 p.m.

New subject: [Bug 1321789] CVE-2016-3674 XStream: enabled processing of external entities

https://bugzilla.redhat.com/show_bug.cgi?id=1321789 Pavel Polischouk <pavelp(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|impact=important,public=201 |impact=important,public=201 |60315,reported=20160325,sou |60315,reported=20160325,sou |rce=oss-security,cvss2=6.8/ |rce=oss-security,cvss2=6.8/ |AV:N/AC:M/Au:N/C:P/I:P/A:P, |AV:N/AC:M/Au:N/C:P/I:P/A:P, |cwe=CWE-348,rhel-7/xstream= |cwe=CWE-348,rhel-7/xstream= |affected,amq-6.2.1/xstream= |affected,amq-6.2.1/xstream= |affected,brms-5/xstream=aff |affected,brms-5/xstream=won |ected,jpp-6/xstream=affecte |tfix,jpp-6/xstream=affected |d,soap-5/xstream=affected,o |,soap-5/xstream=affected,op |penshift-enterprise-2/xstre |enshift-enterprise-2/xstrea |am=affected,rhev-m-3/jasper |m=affected,rhev-m-3/jasperr |reports-server-pro=affected |eports-server-pro=affected, |,jdg-6/xstream=affected,brm |jdg-6/xstream=affected,brms |s-6/xstream=affected,bpms-6 |-6/xstream=affected,bpms-6/ |/xstream=affected,fsw-6/xst |xstream=affected,fsw-6/xstr |ream=affected,fedora-all/xs |eam=affected,fedora-all/xst |tream=affected,fedora-all/j |ream=affected,fedora-all/je |enkins-xstream=affected,rhn |nkins-xstream=affected,rhn_ |_satellite_6/xstream=affect |satellite_6/xstream=affecte |ed,rhscl-2/maven30-xstream= |d,rhscl-2/maven30-xstream=a |affected |ffected -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Red Hat Bugzilla

7:12 p.m.

New subject: [Bug 1321789] CVE-2016-3674 XStream: enabled processing of external entities

https://bugzilla.redhat.com/show_bug.cgi?id=1321789 Pavel Polischouk <pavelp(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1322169 Depends On| |1322170 Depends On| |1322171 Depends On| |1322172 Depends On| |1322173 Depends On| |1322174 Depends On| |1322175 -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Red Hat Bugzilla

7:12 p.m.

New subject: [Bug 1321789] CVE-2016-3674 XStream: enabled processing of external entities

https://bugzilla.redhat.com/show_bug.cgi?id=1321789 Pavel Polischouk <pavelp(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1322177 -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Red Hat Bugzilla

Thursday, 31 March Thu, 31 Mar

3:41 p.m.

New subject: [Bug 1321789] CVE-2016-3674 XStream: enabled processing of external entities

https://bugzilla.redhat.com/show_bug.cgi?id=1321789 --- Comment #6 from Pavel Polischouk <pavelp(a)redhat.com> --- External References: https://github.com/x-stream/xstream/issues/25 -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Red Hat Bugzilla

Friday, 1 April Fri, 1 Apr

4:39 p.m.

New subject: [Bug 1321789] CVE-2016-3674 XStream: enabled processing of external entities

https://bugzilla.redhat.com/show_bug.cgi?id=1321789 Pavel Polischouk <pavelp(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|impact=important,public=201 |impact=important,public=201 |60315,reported=20160325,sou |60315,reported=20160325,sou |rce=oss-security,cvss2=6.8/ |rce=oss-security,cvss2=5.0/ |AV:N/AC:M/Au:N/C:P/I:P/A:P, |AV:N/AC:L/Au:N/C:P/I:N/A:N, |cwe=CWE-348,rhel-7/xstream= |cwe=CWE-348,rhel-7/xstream= |affected,amq-6.2.1/xstream= |affected,amq-6.2.1/xstream= |affected,brms-5/xstream=won |affected,brms-5/xstream=won |tfix,jpp-6/xstream=affected |tfix,jpp-6/xstream=affected |,soap-5/xstream=affected,op |,soap-5/xstream=affected,op |enshift-enterprise-2/xstrea |enshift-enterprise-2/xstrea |m=affected,rhev-m-3/jasperr |m=affected,rhev-m-3/jasperr |eports-server-pro=affected, |eports-server-pro=affected, |jdg-6/xstream=affected,brms |jdg-6/xstream=affected,brms |-6/xstream=affected,bpms-6/ |-6/xstream=affected,bpms-6/ |xstream=affected,fsw-6/xstr |xstream=affected,fsw-6/xstr |eam=affected,fedora-all/xst |eam=affected,fedora-all/xst |ream=affected,fedora-all/je |ream=affected,fedora-all/je |nkins-xstream=affected,rhn_ |nkins-xstream=affected,rhn_ |satellite_6/xstream=affecte |satellite_6/xstream=affecte |d,rhscl-2/maven30-xstream=a |d,rhscl-2/maven30-xstream=a |ffected |ffected -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Red Hat Bugzilla

5:32 p.m.

New subject: [Bug 1321789] CVE-2016-3674 XStream: enabled processing of external entities

https://bugzilla.redhat.com/show_bug.cgi?id=1321789 Pavel Polischouk <pavelp(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|impact=important,public=201 |impact=moderate,public=2016 |60315,reported=20160325,sou |0315,reported=20160325,sour |rce=oss-security,cvss2=5.0/ |ce=oss-security,cvss2=5.0/A |AV:N/AC:L/Au:N/C:P/I:N/A:N, |V:N/AC:L/Au:N/C:P/I:N/A:N,c |cwe=CWE-348,rhel-7/xstream= |we=CWE-348,rhel-7/xstream=a |affected,amq-6.2.1/xstream= |ffected,amq-6.2.1/xstream=a |affected,brms-5/xstream=won |ffected,brms-5/xstream=wont |tfix,jpp-6/xstream=affected |fix,jpp-6/xstream=affected, |,soap-5/xstream=affected,op |soap-5/xstream=affected,ope |enshift-enterprise-2/xstrea |nshift-enterprise-2/xstream |m=affected,rhev-m-3/jasperr |=affected,rhev-m-3/jasperre |eports-server-pro=affected, |ports-server-pro=affected,j |jdg-6/xstream=affected,brms |dg-6/xstream=affected,brms- |-6/xstream=affected,bpms-6/ |6/xstream=affected,bpms-6/x |xstream=affected,fsw-6/xstr |stream=affected,fsw-6/xstre |eam=affected,fedora-all/xst |am=affected,fedora-all/xstr |ream=affected,fedora-all/je |eam=affected,fedora-all/jen |nkins-xstream=affected,rhn_ |kins-xstream=affected,rhn_s |satellite_6/xstream=affecte |atellite_6/xstream=affected |d,rhscl-2/maven30-xstream=a |,rhscl-2/maven30-xstream=af |ffected |fected -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Red Hat Bugzilla

5:32 p.m.

New subject: [Bug 1321789] CVE-2016-3674 XStream: enabled processing of external entities

https://bugzilla.redhat.com/show_bug.cgi?id=1321789 Pavel Polischouk <pavelp(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|high |medium -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Red Hat Bugzilla

5:33 p.m.

New subject: [Bug 1321789] CVE-2016-3674 XStream: enabled processing of external entities

https://bugzilla.redhat.com/show_bug.cgi?id=1321789 Pavel Polischouk <pavelp(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|high |medium -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Red Hat Bugzilla

5:34 p.m.

New subject: [Bug 1321789] CVE-2016-3674 XStream: enabled processing of external entities

https://bugzilla.redhat.com/show_bug.cgi?id=1321789 Pavel Polischouk <pavelp(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|impact=moderate,public=2016 |impact=moderate,public=2016 |0315,reported=20160325,sour |0315,reported=20160325,sour |ce=oss-security,cvss2=5.0/A |ce=oss-security,cvss2=5.0/A |V:N/AC:L/Au:N/C:P/I:N/A:N,c |V:N/AC:L/Au:N/C:P/I:N/A:N,c |we=CWE-348,rhel-7/xstream=a |we=611,rhel-7/xstream=affec |ffected,amq-6.2.1/xstream=a |ted,amq-6.2.1/xstream=affec |ffected,brms-5/xstream=wont |ted,brms-5/xstream=wontfix, |fix,jpp-6/xstream=affected, |jpp-6/xstream=affected,soap |soap-5/xstream=affected,ope |-5/xstream=affected,openshi |nshift-enterprise-2/xstream |ft-enterprise-2/xstream=aff |=affected,rhev-m-3/jasperre |ected,rhev-m-3/jasperreport |ports-server-pro=affected,j |s-server-pro=affected,jdg-6 |dg-6/xstream=affected,brms- |/xstream=affected,brms-6/xs |6/xstream=affected,bpms-6/x |tream=affected,bpms-6/xstre |stream=affected,fsw-6/xstre |am=affected,fsw-6/xstream=a |am=affected,fedora-all/xstr |ffected,fedora-all/xstream= |eam=affected,fedora-all/jen |affected,fedora-all/jenkins |kins-xstream=affected,rhn_s |-xstream=affected,rhn_satel |atellite_6/xstream=affected |lite_6/xstream=affected,rhs |,rhscl-2/maven30-xstream=af |cl-2/maven30-xstream=affect |fected |ed -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Red Hat Bugzilla

5:36 p.m.

New subject: [Bug 1321789] CVE-2016-3674 XStream: enabled processing of external entities

https://bugzilla.redhat.com/show_bug.cgi?id=1321789 Pavel Polischouk <pavelp(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|impact=moderate,public=2016 |impact=moderate,public=2016 |0315,reported=20160325,sour |0315,reported=20160325,sour |ce=oss-security,cvss2=5.0/A |ce=oss-security,cvss2=5.0/A |V:N/AC:L/Au:N/C:P/I:N/A:N,c |V:N/AC:L/Au:N/C:P/I:N/A:N,c |we=611,rhel-7/xstream=affec |we=CWE-611,rhel-7/xstream=a |ted,amq-6.2.1/xstream=affec |ffected,amq-6.2.1/xstream=a |ted,brms-5/xstream=wontfix, |ffected,brms-5/xstream=wont |jpp-6/xstream=affected,soap |fix,jpp-6/xstream=affected, |-5/xstream=affected,openshi |soap-5/xstream=affected,ope |ft-enterprise-2/xstream=aff |nshift-enterprise-2/xstream |ected,rhev-m-3/jasperreport |=affected,rhev-m-3/jasperre |s-server-pro=affected,jdg-6 |ports-server-pro=affected,j |/xstream=affected,brms-6/xs |dg-6/xstream=affected,brms- |tream=affected,bpms-6/xstre |6/xstream=affected,bpms-6/x |am=affected,fsw-6/xstream=a |stream=affected,fsw-6/xstre |ffected,fedora-all/xstream= |am=affected,fedora-all/xstr |affected,fedora-all/jenkins |eam=affected,fedora-all/jen |-xstream=affected,rhn_satel |kins-xstream=affected,rhn_s |lite_6/xstream=affected,rhs |atellite_6/xstream=affected |cl-2/maven30-xstream=affect |,rhscl-2/maven30-xstream=af |ed |fected -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Red Hat Bugzilla

5:43 p.m.

New subject: [Bug 1321789] CVE-2016-3674 XStream: enabled processing of external entities

https://bugzilla.redhat.com/show_bug.cgi?id=1321789 Pavel Polischouk <pavelp(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|impact=moderate,public=2016 |impact=moderate,public=2016 |0315,reported=20160325,sour |0315,reported=20160325,sour |ce=oss-security,cvss2=5.0/A |ce=oss-security,cvss2=5.0/A |V:N/AC:L/Au:N/C:P/I:N/A:N,c |V:N/AC:L/Au:N/C:P/I:N/A:N,c |we=CWE-611,rhel-7/xstream=a |we=CWE-611,rhel-7/xstream=a |ffected,amq-6.2.1/xstream=a |ffected,amq-6.2.1/xstream=a |ffected,brms-5/xstream=wont |ffected,brms-5/xstream=wont |fix,jpp-6/xstream=affected, |fix,jpp-6/xstream=affected, |soap-5/xstream=affected,ope |soap-5/xstream=wontfix,open |nshift-enterprise-2/xstream |shift-enterprise-2/xstream= |=affected,rhev-m-3/jasperre |affected,rhev-m-3/jasperrep |ports-server-pro=affected,j |orts-server-pro=affected,jd |dg-6/xstream=affected,brms- |g-6/xstream=affected,brms-6 |6/xstream=affected,bpms-6/x |/xstream=affected,bpms-6/xs |stream=affected,fsw-6/xstre |tream=affected,fsw-6/xstrea |am=affected,fedora-all/xstr |m=affected,fedora-all/xstre |eam=affected,fedora-all/jen |am=affected,fedora-all/jenk |kins-xstream=affected,rhn_s |ins-xstream=affected,rhn_sa |atellite_6/xstream=affected |tellite_6/xstream=affected, |,rhscl-2/maven30-xstream=af |rhscl-2/maven30-xstream=aff |fected |ected -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Red Hat Bugzilla

Monday, 4 April Mon, 4 Apr

12:24 p.m.

New subject: [Bug 1321789] CVE-2016-3674 XStream: enabled processing of external entities

https://bugzilla.redhat.com/show_bug.cgi?id=1321789 --- Comment #8 from Fedora Update System <updates(a)fedoraproject.org> --- xstream-1.4.9-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report. -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Red Hat Bugzilla

12:24 p.m.

New subject: [Bug 1321789] CVE-2016-3674 XStream: enabled processing of external entities

https://bugzilla.redhat.com/show_bug.cgi?id=1321789 Bug 1321789 depends on bug 1321791, which changed state. Bug 1321791 Summary: CVE-2016-3674 XStream: enabled processing of external entities [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1321791 What |Removed |Added ---------------------------------------------------------------------------- Status|ON_QA |CLOSED Resolution|--- |ERRATA -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Red Hat Bugzilla

Tuesday, 26 April Tue, 26 Apr

3:54 p.m.

New subject: [Bug 1321789] CVE-2016-3674 XStream: enabled processing of external entities

https://bugzilla.redhat.com/show_bug.cgi?id=1321789 --- Comment #9 from Fedora Update System <updates(a)fedoraproject.org> --- xstream-1.4.9-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report. -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Red Hat Bugzilla

4:21 p.m.

New subject: [Bug 1321789] CVE-2016-3674 XStream: enabled processing of external entities

https://bugzilla.redhat.com/show_bug.cgi?id=1321789 --- Comment #10 from Fedora Update System <updates(a)fedoraproject.org> --- xstream-1.4.9-1.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report. -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Red Hat Bugzilla

Friday, 13 May Fri, 13 May

2:52 a.m.

New subject: [Bug 1321789] CVE-2016-3674 XStream: enabled processing of external entities

https://bugzilla.redhat.com/show_bug.cgi?id=1321789 Mikolaj Izdebski <mizdebsk(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1335765 Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1335765 [Bug 1335765] CVE-2016-3674 XStream: enabled processing of external entities [fedora-all] -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Red Hat Bugzilla

4:02 a.m.

New subject: [Bug 1321789] CVE-2016-3674 XStream: enabled processing of external entities

https://bugzilla.redhat.com/show_bug.cgi?id=1321789 Bug 1321789 depends on bug 1335765, which changed state. Bug 1335765 Summary: CVE-2016-3674 XStream: enabled processing of external entities [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1335765 What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |DUPLICATE -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Red Hat Bugzilla

Tuesday, 7 June Tue, 7 Jun

10:44 a.m.

New subject: [Bug 1321789] CVE-2016-3674 XStream: enabled processing of external entities

https://bugzilla.redhat.com/show_bug.cgi?id=1321789 --- Doc Text *updated* by Pavel Polischouk <pavelp(a)redhat.com> --- It was found that several XML parsers used by XStream had default settings that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks. -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Red Hat Bugzilla

9:24 p.m.

New subject: [Bug 1321789] CVE-2016-3674 XStream: enabled processing of external entities

https://bugzilla.redhat.com/show_bug.cgi?id=1321789 Pavel Polischouk <pavelp(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |1343801 -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Red Hat Bugzilla

Wednesday, 8 June Wed, 8 Jun

4:20 p.m.

New subject: [Bug 1321789] CVE-2016-3674 XStream: enabled processing of external entities

https://bugzilla.redhat.com/show_bug.cgi?id=1321789 Pavel Polischouk <pavelp(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks|1343801 | -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Red Hat Bugzilla

Friday, 14 October Fri, 14 Oct

3:47 p.m.

New subject: [Bug 1321789] CVE-2016-3674 XStream: enabled processing of external entities

https://bugzilla.redhat.com/show_bug.cgi?id=1321789 Pavel Polischouk <pavelp(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |1385169 -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Red Hat Bugzilla

Thursday, 3 November Thu, 3 Nov

1:56 p.m.

New subject: [Bug 1321789] CVE-2016-3674 XStream: enabled processing of external entities

https://bugzilla.redhat.com/show_bug.cgi?id=1321789 Pavel Polischouk <pavelp(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |1391689 -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Red Hat Bugzilla

Thursday, 24 November Thu, 24 Nov

10:33 p.m.

New subject: [Bug 1321789] CVE-2016-3674 XStream: enabled processing of external entities

https://bugzilla.redhat.com/show_bug.cgi?id=1321789 Pavel Polischouk <pavelp(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|impact=moderate,public=2016 |impact=moderate,public=2016 |0315,reported=20160325,sour |0315,reported=20160325,sour |ce=oss-security,cvss2=5.0/A |ce=oss-security,cvss2=5.0/A |V:N/AC:L/Au:N/C:P/I:N/A:N,c |V:N/AC:L/Au:N/C:P/I:N/A:N,c |we=CWE-611,rhel-7/xstream=a |vss3=5.3/CVSS:3.0/AV:N/AC:L |ffected,amq-6.2.1/xstream=a |/PR:N/UI:N/S:U/C:L/I:N/A:N, |ffected,brms-5/xstream=wont |cwe=CWE-611,rhel-7/xstream= |fix,jpp-6/xstream=affected, |affected,amq-6.2.1/xstream= |soap-5/xstream=wontfix,open |affected,brms-5/xstream=won |shift-enterprise-2/xstream= |tfix,jpp-6/xstream=affected |affected,rhev-m-3/jasperrep |,soap-5/xstream=wontfix,ope |orts-server-pro=affected,jd |nshift-enterprise-2/xstream |g-6/xstream=affected,brms-6 |=affected,rhev-m-3/jasperre |/xstream=affected,bpms-6/xs |ports-server-pro=affected,j |tream=affected,fsw-6/xstrea |dg-6/xstream=affected,brms- |m=affected,fedora-all/xstre |6/xstream=affected,bpms-6/x |am=affected,fedora-all/jenk |stream=affected,fsw-6/xstre |ins-xstream=affected,rhn_sa |am=affected,fedora-all/xstr |tellite_6/xstream=affected, |eam=affected,fedora-all/jen |rhscl-2/maven30-xstream=aff |kins-xstream=affected,rhn_s |ected |atellite_6/xstream=affected | |,rhscl-2/maven30-xstream=af | |fected -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Red Hat Bugzilla

Monday, 28 November Mon, 28 Nov

11:55 a.m.

New subject: [Bug 1321789] CVE-2016-3674 XStream: enabled processing of external entities

https://bugzilla.redhat.com/show_bug.cgi?id=1321789 --- Comment #14 from errata-xmlrpc <errata-xmlrpc(a)redhat.com> --- This issue has been addressed in the following products: Via RHSA-2016:2823 https://rhn.redhat.com/errata/RHSA-2016-2823.html -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Red Hat Bugzilla

11:56 a.m.

New subject: [Bug 1321789] CVE-2016-3674 XStream: enabled processing of external entities

https://bugzilla.redhat.com/show_bug.cgi?id=1321789 --- Comment #15 from errata-xmlrpc <errata-xmlrpc(a)redhat.com> --- This issue has been addressed in the following products: Via RHSA-2016:2822 https://rhn.redhat.com/errata/RHSA-2016-2822.html -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Red Hat Bugzilla

Tuesday, 20 December Tue, 20 Dec

1:41 p.m.

New subject: [Bug 1321789] CVE-2016-3674 XStream: enabled processing of external entities

https://bugzilla.redhat.com/show_bug.cgi?id=1321789 Bug 1321789 depends on bug 1321792, which changed state. Bug 1321792 Summary: CVE-2016-3674 jenkins-xstream: XStream: enabled processing of external entities [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1321792 What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |CLOSED Resolution|--- |EOL -- You are receiving this mail because: You are on the CC list for the bug.

Reply

2703

days inactive

2969

days old

java-sig-commits@lists.fedoraproject.org

Manage subscription

30 comments

1 participants

tags (0)

participants (1)

Red Hat Bugzilla