[wtp-dev] org.apache.xerces_2.9.0 vulnerability issues in WTP

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[wtp-dev] org.apache.xerces_2.9.0 vulnerability issues in WTP

From: Andrew Tram <Andrew.Tram@xxxxxxx>
Date: Thu, 1 Dec 2022 16:47:43 +0000
Accept-language: en-US
Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ibm.com; dmarc=pass action=none header.from=ibm.com; dkim=pass header.d=ibm.com; arc=none
Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=drV4aNO88Bq3hdAL64O0a8v9hETgI/nNC8Y68rM9R2Y=; b=HT3l1MLAORS40ERUNfExmATCGf+TXJ2imuDSHZ9RmY6DZLl1eAhow8Y1d0mcICAyZ7GGLUDTkCLaMyUod7OSK3hARiO6BUHyZdDEySsPQBjyG3G4AZ10YB6rcL5Qm6NZvRyR4rhT6wEyYt5z1XRITTu9JC2G8RcsqqU4SHjhljE/tN1Tg28z6Q5QXzz6UkQAUjcMfXEWubiwzcZC8QrqQvQwYA9NGH7K/IF8/xKx9KESVwn95OgqrWtAmSabLKedQ7mf2HmEBiEGWFwhJZ+xVg3hGbIIQ5n8mOLcGMQw04hhU9x0BmM6ihVYT4lMSPTwB5/Viz94dldpTtdVLM03Eg==
Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=S3kLa3U7buZ0CXJ6y+movXi5K1gzvO3W3ERRkeM07o32STe9YvbTDMUWE1k6frStkMq+RZFeOnLU9ECE13iFMOkF5no6jTEsCK6bfJFabGWB+MYxSyNYflP0BDj2zM8kOJNtbiVJeBs6uFI2MYI1STR8K6dDyDBvIX5WPIF1F9WuxdNC35NHNjfsGYWN6inhVGdc3YcT8ar4rs5PIHzpu88pK0hVyE4G2jPYJcwCNTziIIbeXf1rb71VRIyh1dvymmuHprKVL/c10Jxm7wFYi32Mui72U+zkUgX8G/2oEogQwnA28s4RVNxTwH54AAAeSjNhuUijDfBOuKVNdcFJJw==
Delivered-to: wtp-dev@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/wtp-dev/>
List-help: <mailto:wtp-dev-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/wtp-dev>, <mailto:wtp-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/wtp-dev>, <mailto:wtp-dev-request@eclipse.org?subject=unsubscribe>
Thread-index: AdkFpKHwuVNF5V5GStGGCZ0ednFRlQ==
Thread-topic: org.apache.xerces_2.9.0 vulnerability issues in WTP

Hi,

Our team have encountered a few vulnerability issues pertaining to org.apache.xerces_2.9.0.v201101211617:

CVE-2022-23437

CVE-2012-0881

CVE-2009-2625

We have Eclipse products that are both on Photon, which contains these vulnerability issues.

https://archive.eclipse.org/webtools/downloads/drops/R3.10.0/R-3.10.0-20180611164516/repository

Is there is possible to remediate these issues by updating Xerces2 to 2.12.2, which was first included in WTP R3.25.0?

Thanks,

Andrew Tram
Advisory DevOps Engineer and Release Manager
Dev & Pipeline - IBM Z
andrew.tram@xxxxxxx
Slack | LinkedIn

IBM

Follow-Ups:
- Re: [wtp-dev] org.apache.xerces_2.9.0 vulnerability issues in WTP
  - From: Nitin Dahyabhai

Prev by Date: [wtp-dev] WTP 3.28.0 Smoke Test Candidate Build: S-3.28RC1-20221120050827
Next by Date: Re: [wtp-dev] org.apache.xerces_2.9.0 vulnerability issues in WTP
Previous by thread: [wtp-dev] WTP 3.28.0 Smoke Test Candidate Build: S-3.28RC1-20221120050827
Next by thread: Re: [wtp-dev] org.apache.xerces_2.9.0 vulnerability issues in WTP
Index(es):
- Date
- Thread

Breadcrumbs