Overview

File _patchinfo of Package patchinfo.31271

<patchinfo incident="31271">
  <issue tracker="bnc" id="1162112">xmvn produces unreproducible output</issue>
  <issue tracker="bnc" id="1216529">VUL-0: CVE-2023-46122: sbt: Given a specially crafted zip or JAR file, `IO.unzip` allows writing of arbitrary file. This would have potential to overwrite `/root/.ssh/authorized_keys`. Within sbt's mai ...</issue>
  <issue tracker="cve" id="2023-46122"/>
  <packager>fstrba</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for maven, maven-resolver, sbt, xmvn</summary>
  <description>This update for maven, maven-resolver, sbt, xmvn fixes the following issues:

- CVE-2023-46122: Fixed an arbitrary file write when extracting a
  crafted zip file with sbt (bsc#1216529).
- Upgraded maven to version 3.9.4
- Upgraded maven-resolver to version 1.9.15.
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places