bug-guix
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#47342: [PATCH 2/2] gnu: java-xstream: Update to 1.4.16 [security fix

From: Julien Lepiller
Subject: bug#47342: [PATCH 2/2] gnu: java-xstream: Update to 1.4.16 [security fixes].
Date: Tue, 23 Mar 2021 13:42:48 -0400
User-agent: K-9 Mail for Android
So, mxparser seems to be pretty easy to package, but it depends on xmlpull v1. Unfortunately, it was developped at Extreme! Lab at Indiana University, but their website has recently been "deprecated" and redirects to the internet archive.

This is an issue as we have xmlpull v2 and xpp3 whose sources have also disappeared. Not sure what to do about them?

I asked upstseam (xstream) for guidance on where to find the sources on https://github.com/x-stream/mxparser/issues/3.

Once we have that information, I can take care of the xstream update.

Le 23 mars 2021 13:33:45 GMT-04:00, Leo Famulari <leo@famulari.name> a écrit :
On Tue, Mar 23, 2021 at 03:38:40PM +0100, Léo Le Bouter via Bug reports for GNU Guix wrote:
Fixes CVE-2021-21341, CVE-2021-21342, CVE-2021-21343, CVE-2021-21344,
CVE-2021-21345, CVE-2021-21346, CVE-2021-21347, CVE-2021-21348,
CVE-2021-21349, CVE-2021-21350 and CVE-2021-21351.

* gnu/packages/xml.scm (java-xstream): Update to 1.4.16.
[inputs]: Replace java-xpp3 with java-mxparser, the latter being a fork of the
former made by upstream.

Thanks for the patch!

Pinging Julien...
reply via email to
[Prev in Thread] Current Thread [Next in Thread]