Mageia 2021-0133: quartz security update
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description (CVE-2019-13990)
Summary
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz
(CVE-2019-13990).
References
- https://bugs.mageia.org/show_bug.cgi?id=26481
- https://lists.suse.com/pipermail/sle-security-updates/2020-April/006708.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13990
Resolution
MGASA-2021-0133 - Updated quartz packages fix a security vulnerability
SRPMS
- 7/core/quartz-2.2.1-9.1.mga7
Severity
Publication date: 14 Mar 2021
URL: https://advisories.mageia.org/MGASA-2021-0133.html
Type: security
CVE: CVE-2019-13990
