Candidate: CVE-2017-8315 PublicDate: 2018-04-20 19:29:00 UTC References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8315 https://bugs.eclipse.org/bugs/show_bug.cgi?id=519169 https://research.checkpoint.com/parsedroid-targeting-android-development-research-community/ Description: Eclipse XML parser for the Eclipse IDE versions 2017.2.5 and earlier was found vulnerable to an XML External Entity attack. An attacker can exploit the vulnerability by implementing malicious code on Androidmanifest.xml. Ubuntu-Description: Notes: msalvatore> see debian CVE tracker for more details. Bugs: Priority: medium Discovered-by: Assigned-to: CVSS: nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [7.5 HIGH] Patches_eclipse: upstream_eclipse: not-affected precise/esm_eclipse: DNE trusty_eclipse: ignored (reached end-of-life) trusty/esm_eclipse: DNE (trusty was needs-triage) xenial_eclipse: not-affected artful_eclipse: ignored (reached end-of-life) bionic_eclipse: not-affected cosmic_eclipse: not-affected disco_eclipse: DNE eoan_eclipse: DNE focal_eclipse: DNE groovy_eclipse: DNE hirsute_eclipse: DNE impish_eclipse: DNE jammy_eclipse: DNE devel_eclipse: DNE Patches_apktool: upstream: https://github.com/iBotPeaches/Apktool/commit/f19317d87c316ed254aafa0a27eddd024e25ec6c upstream: https://github.com/iBotPeaches/Apktool/commit/657a44f5938b072898a0de913c03760210e0f4ed upstream: https://github.com/iBotPeaches/Apktool/commit/dbb144f9af5478c780e59c8b65036ae882595063 upstream_apktool: released (2.2.4-1) precise/esm_apktool: DNE trusty_apktool: ignored (reached end-of-life) trusty/esm_apktool: DNE xenial_apktool: ignored (end of standard support, was needed) artful_apktool: ignored (reached end-of-life) bionic_apktool: not-affected (2.3.4-1~18.04) cosmic_apktool: not-affected (2.3.4-1~18.04) disco_apktool: not-affected (2.3.4-1~18.04) eoan_apktool: not-affected (2.3.4-1~18.04) focal_apktool: not-affected (2.3.4-1~18.04) groovy_apktool: not-affected (2.3.4-1~18.04) hirsute_apktool: not-affected (2.3.4-1~18.04) impish_apktool: not-affected (2.3.4-1~18.04) jammy_apktool: not-affected (2.3.4-1~18.04) devel_apktool: not-affected (2.3.4-1~18.04)