MGASA-2021-0133 - Updated quartz packages fix a security vulnerability

Publication date: 14 Mar 2021
URL: https://advisories.mageia.org/MGASA-2021-0133.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2019-13990

initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz
Scheduler through 2.3.0 allows XXE attacks via a job description
(CVE-2019-13990).

References:
- https://bugs.mageia.org/show_bug.cgi?id=26481
- https://lists.suse.com/pipermail/sle-security-updates/2020-April/006708.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13990

SRPMS:
- 7/core/quartz-2.2.1-9.1.mga7