Gentoo Project

Java

Security Bug Reports

• <dev-java/fop-2.3: XML external entity processing vulnerability

  616474 - Assigned to Gentoo Security
• <dev-java/bcprov-1.65: Multiple vulnerabilities (CVE-2016-{1000338,1000339,1000340,1000341,1000342,1000343, 1000344,1000352}, CVE-2017-13098, CVE-2018-{1000180,1000613})

  717950 - Assigned to Gentoo Security
• <dev-java/c3p0-0.9.5.5: Denial of service ("billion laughs") by recursive XML expansion (CVE-2019-5427)

  719144 - Assigned to Gentoo Security
• <dev-java/dom4j-2.1.3: XML External Entity (XEE) vulnerability in default SAX parser (CVE-2020-10683)

  719318 - Assigned to Gentoo Security
• <dev-java/jdbc-postgresql-42.4.0: XXE vulnerability (CVE-2020-13692)

  727906 - Assigned to Gentoo Security
• <dev-java/junit-4.13.1: TemporaryFolder information disclosure vulnerability (CVE-2020-15250)

  748402 - Assigned to Gentoo Security
• <dev-java/guava-30.1.1: Multiple vulnerabilities (CVE-2018-10237, CVE-2020-8908)

  760111 - Assigned to Gentoo Security
• <dev-java/bcprov-1.69: Invalid password comparison logic for bcrypt (CVE-2020-28052)

  760729 - Assigned to Gentoo Security
• <www-apache/mod_jk-1.2.46 bypass htaccess by adding ';' at the end of an URL (CVE-2018-11759)

  780051 - Assigned to Gentoo Security
• <dev-java/commons-compress-1.21: multiple vulnerabilities (CVE-2021-{35515,35516,35517,36090})

  802078 - Assigned to Gentoo Security
• <dev-java/openjfx-11.0.11_p1: OOB read in bundled gstreamer

  819633 - Assigned to Gentoo Security
• <dev-java/jdbc-postgresql-42.4.1: sql injection via crafted column names

  863506 - Assigned to Gentoo Security
• <net-vpn/i2p-2.3.0: Eepsite deanonymization attack

  911550 - Assigned to Gentoo Security
• <dev-java/bcprov-1.74: LDAP injection vulnerability

  912248 - Assigned to Gentoo Security
• <dev-java/ant-ivy-2.5.3: multiple vulnerabilities

  916262 - Assigned to Gentoo Security
• <dev-java/gradle-bin-8.4: multiple vulnerabilities

  917402 - Assigned to Gentoo Security
• <dev-java/json-20231013: unconstrained memory usage DoS

  918529 - Assigned to Gentoo Security
• <dev-java/commons-compress-1.26.0-r1: multiple vulnerabilities

  924996 - Assigned to Gentoo Security
• <dev-java/fop-2.10: Improper Restriction of XML External Entity Reference

  941239 - Assigned to Gentoo Security
• <dev-java/json-smart-2.5.1: possible stack overflow

  947204 - Assigned to Gentoo Security
• <dev-java/commons-lang-3.19.0: ClassUtils.getClass(...) can throw a StackOverflowError on very long inputs

  960838 - Assigned to Gentoo Security
• <dev-java/log4j-core-2.25.3: Missing TLS hostname verification in Socket appender

  971360 - Assigned to Gentoo Security
• <www-servers/tomcat-{9.0.118,10.1.55,11.0.22}: Multiple vulnerabilities

  972560 - Assigned to Gentoo Security
• <dev-java/bcprov-1.84: LDAP Injection Vulnerability in LDAPStoreHelper.java

  972723 - Assigned to Gentoo Security
• <dev-java/jdbc-postgresql-42.7.11: client-side denial of service during SCRAM-SHA-256 authentication

  973405 - Assigned to Gentoo Security
• <dev-java/openjdk{,-bin,-jre-bin}-{8.492_p09,11.0.31_p11,17.0.19_p10,21.0.11_p10,25.0.3_p9}: multiple vulnerabilities

  974242 - Assigned to Gentoo Security
• <dev-java/assertj-core-3.27.7: has XML External Entity (XXE) vulnerability when parsing untrusted XML via isXmlEqualTo assertion

  976409 - Assigned to Gentoo Security
• <www-servers/tomcat-{9.0.118,10.1.55,11.0.22}: multiple vulnerabilities

  977114 - Assigned to Gentoo Security
• dev-java/pdfbox: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache PDFBox Examples.

  977608 - Assigned to Gentoo Security
• <dev-java/log4j-core-2.25.4: multiple vulnerabilities

  977952 - Assigned to Gentoo Security