-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : dom4j Version : 1.6.1+dfsg.3-2+deb8u2 CVE ID : CVE-2020-10683 Debian Bug : 958055
A flaw was found in dom4j library. By using the default SaxReader() provided by Dom4J, external DTDs and External Entities are allowed, resulting in a possible XXE. For Debian 8 "Jessie", this problem has been fixed in version 1.6.1+dfsg.3-2+deb8u2. We recommend that you upgrade your dom4j packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS Best, Utkarsh -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAl6rSnEACgkQgj6WdgbD S5aT7hAAqb7t2fNB/2ZFzT7VaaXVLrMX5JAytpPtQofD6K+c8eAqEXK0lwzr4GNB i9ADeALreXcm6ovgwZHYpOlh5Oer31RFpyUNz7nJ4HTLdNxpC8T5hT9oEtFZoRs+ Zb7NsMVEpTSVQveAvPe4gedS1KdMyQ5JwXb7LFLZG1DNZ2jAuI8aA5wWgFuRgmL+ JMFSqplCquHOLyxPF169YOt0Bp/Eu43PZtoZLo/tqKKRtsjxHC6ged3EVVPYS2c3 MaRkFiPaL7hxcwJCbekq8pKRGiYcvJupSWjnXZp2JwWjW/oF2cM7mSqm3D+145nM ih4MyByrryPEsm5biAxox7Fn2QTA2iAui5yqmFIK+zv24es0ljEIelRpKWHgkR6A 5KhPnO08xaFZwuxHnthFKi0CJ5HHaRRVEBnbo34Wrq84Q0MUKnKCyTQ84NBMZL2O +FY9hYr4y6B2Ff8oxRRI4myDkJaLi+Dz4kaGZdgx/M/UAfpo0NKUZkZhM0mKHvW6 xafgz1YAM+NqKFzQWrQp3xmg5zMXqSoICFdThokTwUQ54wrlch1x/WvEbo9TisbU X9Z5S+eGcvpBXvhuZyNSqb5IS+QrfdAHiAypYD0vPlLV6t0HyjBN3OgYtILLzDC4 8cdB3kQMrRN3kJUSf+5lOfinT2cmYIGzpT6VkioCxNFoenGZaZ8= =VMa0 -----END PGP SIGNATURE-----
