Bug 751501

Summary: CVE-2009-2625 OpenJDK: XML parsing Denial-Of-Service (6845701) [epel-5]
Product: [Fedora] Fedora EPEL Reporter: Vincent Danen <vdanen>
Component: centerimAssignee: Lubomir Rintel <lkundrak>
Status: CLOSED EOL QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: el5CC: lkundrak
Target Milestone: ---Keywords: Security, SecurityTracking
Target Release: ---Flags: jtfas90: needinfo? (lkundrak)
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Release Note
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-04-06 10:18:14 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 512921    

Description Vincent Danen 2011-11-04 22:14:02 UTC
epel-5 tracking bug for centerim: see blocks bug list for full details of the security issue(s).

This bug is never intended to be made public, please put any public notes
in the 'blocks' bugs.


[bug automatically created by: add-tracking-bugs]

Comment 1 Vincent Danen 2011-11-04 22:16:27 UTC
According to http://www.centerim.org/index.php/Main_Page, centerim 4.22.10 fixes this flaw.  Current EPEL6 and >=F15 have this version already, so only F14 and EPEL5 are vulnerable.

Comment 2 Jason Taylor 2014-12-09 12:25:20 UTC
Hi Lubo,

Have you had a chance to review this BZ? If I can be of assistance feel free to let me know what you need done. Thanks.

JT

Comment 3 Fedora End Of Life 2017-04-06 10:18:14 UTC
Fedora EPEL 5 changed to end-of-life (EOL) status on 2017-03-31. Fedora EPEL 5
is no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of Fedora
or Fedora EPEL, please feel free to reopen this bug against that version. If
you are unable to reopen this bug, please file a new report against the current
release. If you experience problems, please add a comment to this bug.

Thank you for reporting this bug and we are sorry it could not be fixed.