Control: found -1 4.3.3-1
Control: tags -1 + upstream fixed-upstream

On Thu, Dec 28, 2017 at 10:30:55AM +0100, Salvatore Bonaccorso wrote:
> Source: libhibernate-validator-java
> Severity: important
> Tags: security
>
> Hi,
>
> the following vulnerability was published for
> libhibernate-validator-java. There is unfortunately not much
> information available, cf. [1].

Bharti Kundal from Red Hat provided some more information in
https://bugzilla.redhat.com/show_bug.cgi?id=1465573#c24, so the
upstream fix is
https://github.com/hibernate/hibernate-validator/commit/0ed45f37c4680998167179e631113a2c9cb5d113
in the 5.x branch, and would apply AFAICS to 4.3.3 at least as well.

But I'm not too familiar with hibernate-validator so I'm unlikely to
understand if we would need a DSA. Cc'ing the security team alias.

Regards,
Salvatore