{ "schema_version": "1.7.0", "id": "MGASA-2013-0292", "published": "2013-10-05T17:44:58Z", "modified": "2013-10-05T17:44:53Z", "summary": "Updated openjpa packages fix CVE-2013-1768", "details": "Updated openjpa packages fix security vulnerability:\n\nThe BrokerFactory functionality in Apache OpenJPA before 2.2.2 creates\nlocal executable JSP files containing logging trace data produced during\ndeserialization of certain crafted OpenJPA objects, which makes it easier\nfor remote attackers to execute arbitrary code by creating a serialized\nobject and leveraging improperly secured server programs (CVE-2013-1768).\n", "upstream": [ "CVE-2013-1768" ], "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2013-0292.html" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112029.html" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=10817" } ], "affected": [ { "package": { "ecosystem": "Mageia:2", "name": "openjpa", "purl": "pkg:rpm/mageia/openjpa?arch=source&distro=mageia-2" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "2.0.0-1.1.mga2" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:3", "name": "openjpa", "purl": "pkg:rpm/mageia/openjpa?arch=source&distro=mageia-3" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "2.2.0-3.1.mga3" } ] } ], "ecosystem_specific": { "section": "core" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }