From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp12.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id uKNPO4pcKmMxIgAAbAwnHQ (envelope-from ) for ; Wed, 21 Sep 2022 02:36:27 +0200 Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp12.migadu.com with LMTPS id QF80O4pcKmPLnAAAauVa8A (envelope-from ) for ; Wed, 21 Sep 2022 02:36:26 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id B05B82F0DC for ; Wed, 21 Sep 2022 02:36:24 +0200 (CEST) Received: from localhost ([::1]:41218 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1oanix-0001F9-Ei for larch@yhetil.org; Tue, 20 Sep 2022 20:36:23 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:39502) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oakkk-0001j5-Gp for guix-patches@gnu.org; Tue, 20 Sep 2022 17:26:06 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:60792) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1oakkk-0004Ea-8r for guix-patches@gnu.org; Tue, 20 Sep 2022 17:26:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1oakkj-0002zw-RE for guix-patches@gnu.org; Tue, 20 Sep 2022 17:26:01 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#32947] Add java-xalan-interp CVE References: <20181005151859.9616-1-dannym@scratchpost.org> In-Reply-To: <20181005151859.9616-1-dannym@scratchpost.org> Resent-From: Frank Pursel Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Tue, 20 Sep 2022 21:26:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 32947 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 32947@debbugs.gnu.org Received: via spool by 32947-submit@debbugs.gnu.org id=B32947.166370915111507 (code B ref 32947); Tue, 20 Sep 2022 21:26:01 +0000 Received: (at 32947) by debbugs.gnu.org; 20 Sep 2022 21:25:51 +0000 Received: from localhost ([127.0.0.1]:59870 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oakkY-0002zX-KU for submit@debbugs.gnu.org; Tue, 20 Sep 2022 17:25:50 -0400 Received: from mail-pj1-f47.google.com ([209.85.216.47]:39635) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oakkV-0002zG-3z for 32947@debbugs.gnu.org; Tue, 20 Sep 2022 17:25:49 -0400 Received: by mail-pj1-f47.google.com with SMTP id d64-20020a17090a6f4600b00202ce056566so12135416pjk.4 for <32947@debbugs.gnu.org>; Tue, 20 Sep 2022 14:25:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:message-id:date:subject:to:from:from:to:cc:subject :date; bh=ewxJl5o8CpWk+iltMudt3VwEHNArAtsOvJJH7SHbYEA=; b=aY8vRd4Pj7YLeA0v/8+/f+4PPPbaOjAocKwZoF/NXz+X0QlA1eiwqJ3Nf3M9z2azNQ AtXBIi+0fOx0B4ENF/qdN2QQ/oiRLIcjMJAX+3n3/R9Tazl9z7cVSV5XDChiVxHTr+JN +9nOROugHcpJNDZ/1F5XbiVULJpTTfDQuFBvkK5o+2p3lvZBjATjrUFW00eRJVcIsweU lMCO/AGunzhH24iL7E1/8tsdP1mPjpEMS+AvJqtioO+amMCgZxvckonmOupxeBNXR4pa 6RtEzvF4+757q3sPfpGVir3ddTWLJjXYUAVub0b3QFaY7MhptBLk9ypZAWn6DFln6cZR w7cQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=mime-version:message-id:date:subject:to:from:x-gm-message-state :from:to:cc:subject:date; bh=ewxJl5o8CpWk+iltMudt3VwEHNArAtsOvJJH7SHbYEA=; b=n/lgUEgb9oOOrtDz9h2T3Lg/wl09DglKWdfM756KV7XZWz551rz5yeCCezADnEYomb iGnhnPZsEZUidodUfS0k69JoFl1XpNTl1kN6jBK8SrS412rQVI6Sj/mBj8ex9C7sR1Bc poy8Rl0GhykFmimhXAuMO/ju1N8WwOi5M11Tz1chbaBGC7YZmQ2iNfzSTblwSYiKvBCB NdvHbim+J4+YRsNhKm17DndKjerg3jd6o6MVuFPyXW69vjtJVn2cGzj9x7vcUUSWCUkw UX0LDwtqTPm0o/Np6rrgYpBI9p8RUA4NEDoGQG4NB7V73I6XzPB/8t2ON/xM2c7BXAZW ZJ5Q== X-Gm-Message-State: ACrzQf1v7qf5fXnI8oSxsyniT0cmH+aqBkixmVkCK7nF2GBRaz1P5JM7 uHdKTXa+PvAYw4d0D6sz301ZyhLCX4I= X-Google-Smtp-Source: AMsMyM5hAHX36noZJAkb0gODD6zRELJom0NlYeM6svXm1Y93tTmuTebUYdt8tzVlM/V60iqsrzZIUQ== X-Received: by 2002:a17:90a:ce82:b0:200:aca2:5a19 with SMTP id g2-20020a17090ace8200b00200aca25a19mr5968066pju.156.1663709139896; Tue, 20 Sep 2022 14:25:39 -0700 (PDT) Received: from Ginko.local ([66.170.190.211]) by smtp.gmail.com with ESMTPSA id nk9-20020a17090b194900b001fd9c63e56bsm371030pjb.32.2022.09.20.14.25.39 for <32947@debbugs.gnu.org> (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 20 Sep 2022 14:25:39 -0700 (PDT) From: Frank Pursel X-Google-Original-From: Frank Pursel Date: Tue, 20 Sep 2022 14:25:38 -0700 Message-ID: <87fsglpwkt.fsf@Ginko.local.mail-host-address-is-not-set> MIME-Version: 1.0 Content-Type: text/plain X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: "Guix-patches" X-Migadu-Flow: FLOW_IN X-Migadu-To: larch@yhetil.org X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1663720585; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type:resent-cc:resent-from:resent-sender: resent-message-id:in-reply-to:in-reply-to:references:references: list-id:list-help:list-unsubscribe:list-subscribe:list-post: dkim-signature; bh=ewxJl5o8CpWk+iltMudt3VwEHNArAtsOvJJH7SHbYEA=; b=usuxYhKCqSA276D7EnODYQ2cd0xLDrVO1IgXKHI3lQzvlsvjng39vioO5Ng5p10dPy42r/ ZnSxf+im8p/4H4oH97+0zxeel7gYm9lg2+ok+u7JUeFJUTUWGCsmgARFipeRHUb5A7meM8 FWiXO3e+iY0e+484sJ1Ua1SktVf+3D/z8QFHRTvubWgfuaugQlGhb4DO6y8MnWfRUUyOTk EzXjxpLSnUgCGOjfvIXzOUV1LD063sq/VmHmnCzS5tSh+uHf4B9Rg02eOanuprXL7jCRro gCtgXmVqxvJERaR/dYKLkfe/7JktHZHVYoYviOABpr/7/0JM9LEXeCD6e5MV+A== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1663720585; a=rsa-sha256; cv=none; b=eXO/NsYt/F/aRBT6/oJXrzTn3urLURxwjFZQTnc12Rk4hVkN8nhn6TR4io/GpGUWeWAbpG VCRc2clBAlwDEAZMEJ+hye+qf5uNe4Cb0J0R+V4B30GfF2yMhnFk9N5ZIpMhHWgkRJO5nI TFTwzb1hHUNB4MA40+UvYoQzF+aIVmZxtJbyiaoaXxOuGZ/SoDNrgorEzBnjRGdD7emgVW 3/hrrHKUocuGzX4GeDnqTuttueLQuuygFepa9htQAe+4qXmABtKHOt+vhkSovLIbRUc5kT 6e1481RVDuV/pA4d13bz4/SgR0ahPv29RMtn2hWQcWzqaXouC5wUCWX8cKXXkQ== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20210112 header.b=aY8vRd4P; dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmail.com (policy=none); spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: 6.17 Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20210112 header.b=aY8vRd4P; dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmail.com (policy=none); spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: B05B82F0DC X-Spam-Score: 6.17 X-Migadu-Scanner: scn1.migadu.com X-TUID: kTvJL7qFiDmp CVE-2022-34169 has recently been posted against the xalan XSLT library. Looking for an appropriate patch but maybe it is a dead end and instead effort should be focused on alternative that might allow batik and others to function. Suggestions are, of course, welcome. Regards, Frank