#47342 - java-xstream@1.4.15 is vulnerable to CVE-2021-21341, CVE-2021-21342, CVE-2021-21343, CVE-2021-21344, CVE-2021-21345, CVE-2021-21346, CVE-2021-21347, CVE-2021-21348, CVE-2021-21349, CVE-2021-21350 and CVE-2021-21351

Package	Source(s)		Maintainer(s)
guix		PTS Buildd Popcon

Message #11 received at 47342@debbugs.gnu.org (full text, mbox, reply):

Received: (at 47342) by debbugs.gnu.org; 23 Mar 2021 14:38:51 +0000
From debbugs-submit-bounces@debbugs.gnu.org Tue Mar 23 10:38:51 2021
Received: from localhost ([127.0.0.1]:60926 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1lOiBH-0006rA-2l
	for submit@debbugs.gnu.org; Tue, 23 Mar 2021 10:38:51 -0400
Received: from mail.zaclys.net ([178.33.93.72]:55567)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <lle-bout@zaclys.net>) id 1lOiBE-0006qn-VF
 for 47342@debbugs.gnu.org; Tue, 23 Mar 2021 10:38:50 -0400
Received: from localhost.localdomain (lsl43-1_migr-78-195-19-20.fbx.proxad.net
 [78.195.19.20] (may be forged)) (authenticated bits=0)
 by mail.zaclys.net (8.14.7/8.14.7) with ESMTP id 12NEcgwe035313
 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO);
 Tue, 23 Mar 2021 15:38:42 +0100
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.zaclys.net 12NEcgwe035313
Authentication-Results: mail.zaclys.net;
 dmarc=fail (p=reject dis=none) header.from=zaclys.net
Authentication-Results: mail.zaclys.net;
 spf=fail smtp.mailfrom=lle-bout@zaclys.net
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zaclys.net;
 s=default; t=1616510322;
 bh=ySafThOjwYLdy7Ejp0M1/4AkDb3TtdnY86IpX/KdPVk=;
 h=From:To:Cc:Subject:Date:From;
 b=Lv1BTGVvOuojXy4y1Q5cKSQA7WfJ7Y4i24r/tY/cd3K2FTwhK4MxjHWn8sYCJ67hq
 ciQiUpwNfd1hLZLUpdgxlAXRzcdW5nZuue49Gj85LjsaPy+Nsfl3uUkMPyCYci9Vxt
 KTnErUM2O8IJLYpH4zronH9tA2Ov7WPfzaYctUHM=
From: Léo Le Bouter <lle-bout@zaclys.net>
To: 47342@debbugs.gnu.org
Subject: [PATCH 1/2] gnu: Add java-mxparser.
Date: Tue, 23 Mar 2021 15:38:39 +0100
Message-Id: <20210323143840.22600-1-lle-bout@zaclys.net>
X-Mailer: git-send-email 2.31.0
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 47342
Cc: Léo Le Bouter <lle-bout@zaclys.net>
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

* gnu/packages/xml.scm (java-mxparser): New variable.
---
 gnu/packages/xml.scm | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
index 2a72fc6ad2..96287b3174 100644
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@ -2256,6 +2256,34 @@ outputting XML data from Java code.")
 and back again.")
     (license license:bsd-3)))
 
+(define-public java-mxparser
+  (package
+    (name "java-mxparser")
+    (version "1.2.1")
+    (source (origin
+              (method url-fetch)
+              (uri
+               (string-append
+                "https://repo1.maven.org/maven2/io/github/x-stream/mxparser/"
+                version "/mxparser-" version "-sources.jar"))
+              (sha256
+               (base32
+                "0mly55qbs2109wwbiz890n87r54iz7cykazl0rlsih6sg5lx8kdl"))))
+    (build-system ant-build-system)
+    (home-page "https://github.com/x-stream/mxparser")
+    (synopsis "Streaming pull XML parser forked from @code{java-xpp3}")
+    (description "Xml Pull Parser (in short XPP) is a streaming pull XML
+parser and should be used when there is a need to process quickly and
+efficiently all input elements (for example in SOAP processors). This
+package is a stable XmlPull parsing engine that is based on ideas from XPP
+and in particular XPP2 but completely revised and rewritten to take the best
+advantage of JIT JVMs.
+
+MXParser is a fork of xpp3_min 1.1.7 containing only the parser with merged
+changes of the Plexus fork. It is an implementation of the XMLPULL V1 API
+(parser only).")
+    (license (license:non-copyleft "file://LICENSE.txt"))))
+
 (define-public xmlrpc-c
   (package
     (name "xmlrpc-c")
-- 
2.31.0

Display info messages

Send a report that this bug log contains spam.

debbugs.gnu.org maintainers <help-debbugs@gnu.org>. Last modified: Sun Dec 22 01:17:28 2024; Machine Name: wallace-server

GNU bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

#47342 java-xstream@1.4.15 is vulnerable to CVE-2021-21341, CVE-2021-21342, CVE-2021-21343, CVE-2021-21344, CVE-2021-21345, CVE-2021-21346, CVE-2021-21347, CVE-2021-21348, CVE-2021-21349, CVE-2021-21350 and CVE-2021-21351