UbuntuUpdates.org

Package "libmaven-shared-utils-java"

Name: libmaven-shared-utils-java

Description:

Replacement for plexus-utils in Maven

Latest version: 3.3.0-1ubuntu0.20.04.1
Release: focal (20.04)
Level: security
Repository: universe
Head package: maven-shared-utils
Homepage: http://maven.apache.org/shared/maven-shared-utils/

Links


Download "libmaven-shared-utils-java"


Other versions of "libmaven-shared-utils-java" in Focal

Repository Area Version
base universe 3.3.0-1
updates universe 3.3.0-1ubuntu0.20.04.1

Changelog

Version: 3.3.0-1ubuntu0.20.04.1 2024-04-11 23:06:51 UTC

  maven-shared-utils (3.3.0-1ubuntu0.20.04.1) focal-security; urgency=medium

  * SECURITY UPDATE: Commandline class can emit double-quoted strings
    without proper escaping, allowing shell injection attacks.
    - debian/patches/CVE-2022-29599.patch: BourneShell unconditionally
      single quotes executable and arguments.
    - CVE-2022-29599

 -- Chris Kim <email address hidden> Thu, 28 Mar 2024 14:31:18 -0700

CVE-2022-29599 In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing she



About   -   Send Feedback to @ubuntu_updates