Source: uimaj
Version: 2.4.0-2
Severity: grave
Tags: security upstream

Hi,

The following vulnerability was published for uimaj, filing for now with RC severity.

CVE-2017-15691[0]:
| In Apache uimaj prior to 2.10.2, Apache uimaj 3.0.0-xxx prior to
| 3.0.0-beta, Apache uima-as prior to 2.10.2, Apache uimaFIT prior to
| 2.4.0, Apache uimaDUCC prior to 2.2.2, this vulnerability relates to
| an XML external entity expansion (XXE) capability of various XML
| parsers. UIMA as part of its configuration and operation may read XML
| from various sources, which could be tainted in ways to cause
| inadvertent disclosure of local files or other internal content.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-15691
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15691
[1] https://uima.apache.org/security_report#CVE-2017-15691

Regards,
Salvatore