Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[wtp-dev] org.apache.xerces_2.9.0 vulnerability issues in WTP
  • From: Andrew Tram <Andrew.Tram@xxxxxxx>
  • Date: Thu, 1 Dec 2022 16:47:43 +0000
  • Accept-language: en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ibm.com; dmarc=pass action=none header.from=ibm.com; dkim=pass header.d=ibm.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=drV4aNO88Bq3hdAL64O0a8v9hETgI/nNC8Y68rM9R2Y=; b=HT3l1MLAORS40ERUNfExmATCGf+TXJ2imuDSHZ9RmY6DZLl1eAhow8Y1d0mcICAyZ7GGLUDTkCLaMyUod7OSK3hARiO6BUHyZdDEySsPQBjyG3G4AZ10YB6rcL5Qm6NZvRyR4rhT6wEyYt5z1XRITTu9JC2G8RcsqqU4SHjhljE/tN1Tg28z6Q5QXzz6UkQAUjcMfXEWubiwzcZC8QrqQvQwYA9NGH7K/IF8/xKx9KESVwn95OgqrWtAmSabLKedQ7mf2HmEBiEGWFwhJZ+xVg3hGbIIQ5n8mOLcGMQw04hhU9x0BmM6ihVYT4lMSPTwB5/Viz94dldpTtdVLM03Eg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=S3kLa3U7buZ0CXJ6y+movXi5K1gzvO3W3ERRkeM07o32STe9YvbTDMUWE1k6frStkMq+RZFeOnLU9ECE13iFMOkF5no6jTEsCK6bfJFabGWB+MYxSyNYflP0BDj2zM8kOJNtbiVJeBs6uFI2MYI1STR8K6dDyDBvIX5WPIF1F9WuxdNC35NHNjfsGYWN6inhVGdc3YcT8ar4rs5PIHzpu88pK0hVyE4G2jPYJcwCNTziIIbeXf1rb71VRIyh1dvymmuHprKVL/c10Jxm7wFYi32Mui72U+zkUgX8G/2oEogQwnA28s4RVNxTwH54AAAeSjNhuUijDfBOuKVNdcFJJw==
  • Delivered-to: wtp-dev@xxxxxxxxxxx
  • List-archive: <https://www.eclipse.org/mailman/private/wtp-dev/>
  • List-help: <mailto:wtp-dev-request@eclipse.org?subject=help>
  • List-subscribe: <https://www.eclipse.org/mailman/listinfo/wtp-dev>, <mailto:wtp-dev-request@eclipse.org?subject=subscribe>
  • List-unsubscribe: <https://www.eclipse.org/mailman/options/wtp-dev>, <mailto:wtp-dev-request@eclipse.org?subject=unsubscribe>
  • Thread-index: AdkFpKHwuVNF5V5GStGGCZ0ednFRlQ==
  • Thread-topic: org.apache.xerces_2.9.0 vulnerability issues in WTP

Hi,

 

Our team have encountered a few vulnerability issues pertaining to org.apache.xerces_2.9.0.v201101211617:

CVE-2022-23437

CVE-2012-0881

CVE-2009-2625


We have Eclipse products that are both on Photon, which contains these vulnerability issues.

https://archive.eclipse.org/webtools/downloads/drops/R3.10.0/R-3.10.0-20180611164516/repository

Is there is possible to remediate these issues by updating Xerces2 to 2.12.2, which was first included in WTP R3.25.0?

 

Thanks,

 

Andrew Tram
Advisory DevOps Engineer and Release Manager
Dev & Pipeline - IBM Z
andrew.tram@xxxxxxx
Slack | LinkedIn


IBM

 


Back to the top