drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in castor
Name: |
Ausführen beliebiger Kommandos in castor |
|
ID: |
FEDORA-2014-16346 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 20 |
|
Datum: |
Mo, 15. Dezember 2014, 07:42 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3004 |
|
Applikationen: |
castor |
|
Originalnachricht |
Name : castor Product : Fedora 20 Version : 1.3.3 Release : 1.fc20 URL : http://castor.codehaus.org Summary : An open source data binding framework for Java Description : Castor is an open source data binding framework for Java. It's basically the shortest path between Java objects, XML documents and SQL tables. Castor provides Java to XML binding, Java to SQL persistence, and more.
------------------------------------------------------------------------------- - Update Information:
Update to latest upstream point release containing fix for CVE-2014-3004 ------------------------------------------------------------------------------- - ChangeLog:
* Thu Dec 4 2014 Mat Booth <mat.booth@redhat.com> - 1.3.3-1 - Update to latest upstream 1.3.3 - Fixes rhbz#1108691 CVE-2014-3004 * Mon Jun 9 2014 Alexander Kurtakov <akurtako@redhat.com> 1.3.2-14 - Fix FTBFS. * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.3.2-13 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Fri Mar 28 2014 Michael Simacek <msimacek@redhat.com> - 1.3.2-12 - Use Requires: java-headless rebuild (#1067528) * Wed Nov 27 2013 Mat Booth <fedora@matbooth.co.uk> - 0:1.3.2-11 - Update for merge review comments and fix rawhide build ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #1108639 - CVE-2014-3004 castor: XML External Entity (XXE) attacks via a crafted XML document https://bugzilla.redhat.com/show_bug.cgi?id=1108639 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update castor' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|