oss-sec mailing list archives
Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets
From: Markus Koschany <apo () debian org>
Date: Mon, 17 Oct 2022 23:57:45 +0200
Hi,

it appears the underlying bug is in Apache Commons bcel and not in Apache Xalan itself. See https://bugs.debian.org/1015860 and

https://github.com/apache/commons-bcel/pull/147
https://github.com/apache/commons-bcel/commit/f3267cbcc900f80851d561bdd16b239d936947f5