• [SECURITY] [DSA 5242-1] maven-shared-utils security update

    From Salvatore Bonaccorso@21:1/5 to All on Wed Sep 28 15:10:01 2022
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-5242-1                   security@debian.org
    https://www.debian.org/security/                                  Aron Xu
    September 28, 2022                    https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : maven-shared-utils
    CVE ID : CVE-2022-29599
    Debian Bug : 1012314

    It was discovered that the Commandline class in maven-shared-utils, a
    collection of various utility classes for the Maven build system, can
    emit double-quoted strings without proper escaping, allowing shell
    injection attacks.

    For the stable distribution (bullseye), this problem has been fixed in
    version 3.3.0-1+deb11u1.

    We recommend that you upgrade your maven-shared-utils packages.

    For the detailed security status of maven-shared-utils please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/maven-shared-utils

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    -----END PGP SIGNATURE-----
