Bug#885577: libhibernate-validator-java: CVE-2017-7536: Privilege escalation when running under the security manager

Salvatore Bonaccorso carnil at debian.org
Tue Jan 2 08:25:26 UTC 2018


Control: found -1 4.3.3-1
Control: tags -1 + upstream fixed-upstream

On Thu, Dec 28, 2017 at 10:30:55AM +0100, Salvatore Bonaccorso wrote:
> Source: libhibernate-validator-java
> Severity: important
> Tags: security
> 
> Hi,
> 
> the following vulnerability was published for
> libhibernate-validator-java. There is unfortunately not much
> information available, cf. [1].

Bharti Kundal from Red Hat provided some more information in
https://bugzilla.redhat.com/show_bug.cgi?id=1465573#c24, so the
upstream fix is
https://github.com/hibernate/hibernate-validator/commit/0ed45f37c4680998167179e631113a2c9cb5d113
in the 5.x branch, and would apply AFAICS to 4.3.3 at least as well.
But I'm not too familiar with hibernate-validator so I'm unlikely to
understand if we would need a DSA. Cc'ing the security team alias.

Regards,
Salvatore
