[m2e-dev] CVE-2020-10683

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[m2e-dev] CVE-2020-10683

From: "Homer, Tony" <tony.homer@xxxxxxxxx>
Date: Wed, 3 Jun 2020 21:21:07 +0000
Accept-language: en-US
Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none
Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=GNVEOS1w+EkWUszGSzjS2VD6miZ6BRDIiwKPORcxT/0=; b=nvibjmfI5vg/AWcE4hI0yFiS7+ReLV73mvbMLI/n2a2wZESz5Dn7cKKBJMnOzu+f//VncLT5AMMc3FyDcXcVaxd9ICAjAcYaJgc2TUTjbQlpcU6M6h2mB7RXJPQGS+zRijKcUW1dVPIafsOiOAziANhXi51uOppCCGIrbsImWCs9QGM/2cxlgqI//gcSe6bGeLOvd/aF0aPX53m9q3y+ZfX4nNmWxiE0Cwsru2ZxhV5msU1qe3J/4MA44bsfqBK8enZ+92jhabLXJi4Sx+6qwcGXYLBjqRXiWCbkOoPgMBbzU6DlTimHjIWrfWdFV09pXoW8vzUs3fnQV3XwcsWZ/g==
Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=HMuVNzaEMiC4rs+OSfuXZP7ZM44QVkaPuJ+HP5cdtYxg+N0Ic3F+iKFjhHdgiY11wzqO/KVmefXK45iS8FRN750UBlAoNyt7R/eM+DgmYRhjz6jYGF5P1ZvpUyeNL1WheSD36kMsILfN/6b6DRvfOdx7f0or+t9Pq+Zvl4j/zbtbbzUXxIfQbZ1iTlrrtb24U4cguqeRUOwOTEBSy7g63MJyuvpwEjUV0mgSZvCwJsQaXEqaeCrKHgGktbA5ofki2qn+yUVcuEME1+FmYgHXP9/NgDzfGJxyrQh3rxQpOZtz0e60Os7//ciS1NOlSKoRwFacrJOzJj6phLXHQi13mw==
Delivered-to: m2e-dev@xxxxxxxxxxx
Ironport-sdr: UhAo2kiqV8noM/t1vhgcaldKzISymVoiQYzLNnsgwAQSTmBXfSRLni+2J+IPNGk5heGeoub2p8 6uSnfanK+mzw==
Ironport-sdr: iOrb97+GBu7G9bj0BW34uXh0JebfA3hPB6TPABf6RXYeRLjNvxiFR+FsM/AgO2qbNmZ9G4qeKi 01cWb8JwYSbA==
List-archive: <https://www.eclipse.org/mailman/private/m2e-dev>
List-help: <mailto:m2e-dev-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/m2e-dev>, <mailto:m2e-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/m2e-dev>, <mailto:m2e-dev-request@eclipse.org?subject=unsubscribe>
Thread-index: AQHWOezlcQVFSxjbMkeJmYCWg9EB+g==
Thread-topic: CVE-2020-10683
User-agent: Microsoft-MacOutlook/16.37.20051002

Hi m2e-dev.

I imagine it is too late for 2020-06 but m2e is exposed to CVE-2020-10683 by dom4j 2.1.1.

https://nvd.nist.gov/vuln/detail/CVE-2020-10683

The mitigation is to update to 2.1.3.

Should I log a bug for this?

IIRC when there was a CVE from dom4j in the past, it was coming to m2e from maven-archetype and the answer was to report it to them.

Is it the same for this one?

Thanks!

Tony Homer

Follow-Ups:
- Re: [m2e-dev] CVE-2020-10683
  - From: Elliotte Rusty Harold
- Re: [m2e-dev] CVE-2020-10683
  - From: Mickael Istria

Prev by Date: Re: [m2e-dev] 1.15 or 1.16 for 2020-06?
Next by Date: Re: [m2e-dev] 1.15 or 1.16 for 2020-06?
Previous by thread: [m2e-dev] 1.15 or 1.16 for 2020-06?
Next by thread: Re: [m2e-dev] CVE-2020-10683
Index(es):
- Date
- Thread

Breadcrumbs