Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.4:Update
patchinfo.32874
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.32874
<patchinfo incident="32874"> <issue tracker="cve" id="2023-4218"/> <issue tracker="bnc" id="1216992">VUL-0: CVE-2023-4218: eclipse: In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file ...</issue> <packager>fstrba</packager> <rating>moderate</rating> <category>security</category> <summary>Security update for eclipse, maven-surefire, tycho</summary> <description>This update for eclipse, maven-surefire, tycho fixes the following issues: eclipse received the following security fix: - CVE-2023-4218: Fixed a bug where parsing files with xml content laeds to XXE attacks. (bsc#1216992) maven-sunfire was updated from version 2.22.0 to 2.22.2: - Changes in version 2.22.2: * Bugs fixed: + Fixed JUnit Runner that writes to System.out corrupts Surefire’s STDOUT when using JUnit’s Vintage Engine - Changes in version 2.22.1: * Bugs fixed: + Fixed Surefire unable to run testng suites in parallel + Fixed Git wrongly considering PNG files as changed when there is no change + Fixed the surefire XSD published on maven site lacking of some rerun element + Fixed XML Report elements rerunError, rerunFailure, flakyFailure, flakyError + Fixed overriding platform version through project/plugin dependencies + Fixed mixed up characters in standard output + Logs in Parallel Tests are mixed up when `forkMode=never` or `forkCount=0` + MIME type for javascript is now officially application/javascript * Improvements: + Elapsed time in XML Report should satisfy pattern in XSD. + Fix old test resources TEST-*.xml in favor of continuing with SUREFIRE-1550 + Nil element “failureMessage” in failsafe-summary.xml should have self closed tag + Removed obsolete module `surefire-setup-integration-tests` + Support Java 11 + Surefire should support parameterized reportsDirectory * Dependency upgrades: + Upgraded maven-plugins parent to version 32 + Upgraded maven-plugins parent to version 33 tycho received the following bug fixes: - Fixed build against maven-surefire 2.22.1 and newer - Fixed build against newer plexus-compiler - Fixed issues with plexus-archiver 4.4.0 and newer - Require explicitely artifacts that will not be required automatically any more </description> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor