- Package: src:plantuml
- Source: src:plantuml
- Submitter: Salvatore Bonaccorso
- Date: 2025-03-11 07:24:01 UTC
- Severity: normal
- Tags:

Hi,

The following vulnerability was published for plantuml.

CVE-2023-3431[0]:
| Improper Access Control in GitHub repository plantuml/plantuml prior
| to 1.2023.9.

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-3431
    https://www.cve.org/CVERecord?id=CVE-2023-3431
[1] https://huntr.dev/bounties/fa741f95-b53c-4ed7-b157-e32c5145164c/
[2] https://github.com/plantuml/plantuml/commit/fbe7fa3b25b4c887d83927cffb1009ec6cb8ab1e

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Hello, I tried porting fixes for these, but I think I lack some Java skills or knowledge of the code base to be able to rebase them correctly.

Hello,

The focus right now needs to be on porting fixes for the security issues:

* https://bugs.debian.org/1039999
* https://bugs.debian.org/1040000

I tried dealing with those but haven’t produced anything usable, unfortunately.