-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2404-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany October 09, 2020 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : eclipse-wtp Version : 3.6.3-3+deb9u1 CVE ID : CVE-2019-17637 In Eclipse Web Tools Platform, a component of the Eclipse IDE, XML and DTD files referring to external entities could be exploited to send the contents of local files to a remote server when edited or validated, even when external entity resolution is disabled in the user preferences. For Debian 9 stretch, this problem has been fixed in version 3.6.3-3+deb9u1. We recommend that you upgrade your eclipse-wtp packages. For the detailed security status of eclipse-wtp please refer to its security tracker page at: https://security-tracker.debian.org/tracker/eclipse-wtp Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl+A8FNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeSo0A/+OBRLUAgyW5/fajXV+onFyKs/VXWpyHUYveyF5kMH4h97GR7LAZAZ4uGQ ZwfvYJ4selQ/5Q0JcGeCFo5aC3jG3tskBLCUCnp5Nza4I5Xk+sedZUFN+i3NVgJS Y4xoNC2j5fr61gyRQCxISG2g5YrkK6wrVhKC3kUzL7Esy/3HFi2SLH7CeqEMNTcm jOUIvhYQZfBw8ODaVXz/f9jbTLn7Q8d9EljCkotcugP8p5XXUHfvhRsURpX9EDu3 AtcGKTv0jCw7AOAQOdmB0pekfTq4Cd5jCApc23tZw7eRAXlGSP08Zeq2LXU4try1 kGXXLTlJT1RByuhWoSDh/tLqgjkC6vJli5JbxDihpcEUZsW8qhx+B+K7fU7EeB+3 Rxy7XhNQZim4bflT/y38G+/dzyh7QPe+I/X0KwTQ8HLsblCtW4oXjUdGd8QsHmsJ mAFtXrxEbiBrXYBXNwllNtcfOM4n5yGdv1jlzgGdTG4zaDvFqAb2bwBH2YeVK1pA m7PfCFxCfW29sCE+y5PXDPxEqO4PUiRT2Cd/8HSOS2tmE93XTILF6siBcIDzgF+b 6wnzJ+X2ZbXEhhIQcgaHPTHrDjHcSTCZUoLx8zkrVyBN8zHq7UKkm/pqi3lLSm7f sGpORm4BYyy2cBP3acWPx/QROm1uckNjcRShEaTxfT7QzeuexGU= =4q33 -----END PGP SIGNATURE-----
