[SECURITY] [DLA 1768-1] checkstyle security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1768-1] checkstyle security update
From: Adrian Bunk <bunk@debian.org>
Date: Sun, 28 Apr 2019 21:31:07 +0300
Message-id: <[🔎] 20190428183107.GA24954@localhost>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : checkstyle
Version        : 5.9-1+deb8u1
CVE ID         : CVE-2019-9658

checkstyle was loading external DTDs by default,
which is now disabled by default.

If needed it can be re-enabled by setting the system property
checkstyle.enableExternalDtdLoad to true.

For Debian 8 "Jessie", this problem has been fixed in version
5.9-1+deb8u1.

We recommend that you upgrade your checkstyle packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAlzF8WoACgkQiNJCh6LY
mLHC1RAAuWcaRaaw4psfWoltvR8eL/vNNMarjlBV5uO0u5hAJ6t0L134XF7eu2Li
ai+lrWCEiHXPpWt1jvSDOmzhrwZ8tkG2vYjTCZKy5qxAhYFVoboO2k6rvxZjaAl6
Pa2cTyyN5jN23w9tE2o7MPTYi2CbFMXkBneUbXaOnxXUJO7CiTG/3ItcFBIavnWD
mdYipL4ytzG589KqkUr/Ym1V0MuxrGchEVy5vbYqRfyoBIPdRSTZMNArePnVBZeC
1jCIPA3NQpPLcsl6b0K9R08A69jHmOCMb0SWTjL4tRfwNuDMoBaO9KZf4ZYjPUUj
8opKwKET4/7YnAkgYYihPB7IgbGPwZ6AK7B/nAEFqca/Jj2nud/YYQLyRvnR63Ti
fX6rQIfu+iENwvhYkufXxw/I/HP6Hj2z3LKXcnXn2XoZK0s6Z+ovZGfJeQHKfdpE
1k8V57/k+P8PAOjWj5x3Ladho+39p3Gs3KAJnlZmHjqX55PRJpyOBEzS3FZjNXRE
OVMqG5T/6TQ7//4FSDVkNxsst3AogKQPXWfDlZZjqsw4y/uGXdFmikMhDiqmWVan
B2s0rJTeBn9UdYKbHuIFq0AIi4axmBX8AqnxrKEcuu6DSEnfdqb93A7+g+j+QKbP
1COW3PqdMAvz/PJHHTQETe9NlbUKsht0H6y08301ooDkt4lUovo=
=P7xe
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1767-1] monit security update
Next by Date: [SECURITY] [DLA 1769-1] gst-plugins-base0.10 security update
Previous by thread: [SECURITY] [DLA 1767-1] monit security update
Next by thread: [SECURITY] [DLA 1769-1] gst-plugins-base0.10 security update
Index(es):
- Date
- Thread