Bug#1010154: libowasp-antisamy-java: CVE-2022-28366 + CVE-2022-28367

Neil Williams codehelp at debian.org
Mon Apr 25 13:48:43 BST 2022


On Mon, 25 Apr 2022 13:39:49 +0100 Neil Williams <codehelp at debian.org> wrote:
> Please note, the current homepage for libowasp-antisamy-java appears to
> have no commits beyond version 1.5.3 but the change for CVE-2022-29577
> does match the source code for libowasp-antisamy-java:
> https://sources.debian.org/src/libowasp-antisamy-java/1.5.3+dfsg-1.1/src/main/java/org/owasp/validator/html/scan/AntiSamyDOMScanner.java/?hl=410#L410

Apologies - that paragraph contains a typo - the matching change is for
CVE-2022-28367:

The fix in what looks like the new upstream is:
https://github.com/nahsra/antisamy/commit/0199e7e194dba5e7d7197703f43ebe22401e61ae



-- 
Neil Williams
=============
https://linux.codehelp.co.uk/