Candidate: CVE-2019-13990
PublicDate: 2019-07-26 19:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13990
 https://github.com/quartz-scheduler/quartz/issues/467
Description:
 initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta
 Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933169
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933170
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_libquartz-java:
upstream_libquartz-java: needs-triage
precise/esm_libquartz-java: DNE
trusty_libquartz-java: ignored (out of standard support)
trusty/esm_libquartz-java: DNE
xenial_libquartz-java: ignored (end of standard support, was needs-triage)
bionic_libquartz-java: needs-triage
disco_libquartz-java: ignored (reached end-of-life)
eoan_libquartz-java: ignored (reached end-of-life)
focal_libquartz-java: needs-triage
groovy_libquartz-java: ignored (reached end-of-life)
hirsute_libquartz-java: ignored (reached end-of-life)
impish_libquartz-java: needs-triage
jammy_libquartz-java: needs-triage
devel_libquartz-java: needs-triage

Patches_libquartz2-java:
upstream_libquartz2-java: needs-triage
precise/esm_libquartz2-java: DNE
trusty_libquartz2-java: ignored (out of standard support)
trusty/esm_libquartz2-java: DNE
xenial_libquartz2-java: DNE
bionic_libquartz2-java: needs-triage
disco_libquartz2-java: ignored (reached end-of-life)
eoan_libquartz2-java: ignored (reached end-of-life)
focal_libquartz2-java: needs-triage
groovy_libquartz2-java: not-affected (2.3.0-3)
hirsute_libquartz2-java: not-affected (2.3.0-3)
impish_libquartz2-java: not-affected (2.3.0-3)
jammy_libquartz2-java: not-affected (2.3.0-3)
devel_libquartz2-java: not-affected (2.3.0-3)