Debian Security Advisory 5318-1
Debian Linux Security Advisory 5318-1 - Igor Ponomarev discovered that LAVA, a continuous integration system for deploying operating systems onto physical and virtual hardware for running tests, was susceptible to denial of service via recursive XML entity expansion.
-------------------------------------------------------------------------
Debian Security Advisory DSA-5318-1                   [email protected]
https://www.debian.org/security/                       Moritz Muehlenhoff
January 13, 2023                      https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : lava
CVE ID         : CVE-2022-44641
Debian Bug     : 1024429

Igor Ponomarev discovered that LAVA, a continuous integration system for
deploying operating systems onto physical and virtual hardware for
running tests, was susceptible to denial of service via recursive XML
entity expansion.

For the stable distribution (bullseye), this problem has been fixed in
version 2020.12-5+deb11u2.

We recommend that you upgrade your lava packages.

For the detailed security status of lava please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/lava

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]
Related news
CVE-2022-44641: Two security vulnerabilities in LAVA server - Lava-announce
In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service.
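One way to refuse such requests before they reach the XML-RPC unmarshaller, as an added example that is not LAVA's or Debian's actual fix: scan the body with expat and reject any DOCTYPE or entity declaration. The names `RejectedRequest`, `check_xmlrpc_body`, `safe_loads` and the method `demo.echo` are hypothetical, and the sample bodies are constructed.

```python
import xmlrpc.client
from xml.parsers import expat

class RejectedRequest(ValueError):
    """Request body refused before unmarshalling."""

def check_xmlrpc_body(body: bytes) -> None:
    """Scan the body with expat; refuse DTDs and entity declarations.

    Entity expansion needs a declaration inside a DOCTYPE, and XML-RPC
    requests never need one, so refusing at declaration time means no
    entity is ever expanded.
    """
    def forbid_doctype(name, sysid, pubid, has_internal_subset):
        raise RejectedRequest("DOCTYPE declaration in XML-RPC request")

    def forbid_entity(name, is_param, value, base, sysid, pubid, notation):
        raise RejectedRequest(f"entity declaration {name!r} in XML-RPC request")

    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = forbid_doctype  # fires before any entity
    parser.EntityDeclHandler = forbid_entity  # kept in case DOCTYPE is ever allowed
    try:
        parser.Parse(body, True)
    except expat.ExpatError as exc:
        raise RejectedRequest(f"malformed XML: {exc}") from exc

def safe_loads(body: bytes):
    """Return (params, method_name) only for bodies that pass the check."""
    check_xmlrpc_body(body)
    return xmlrpc.client.loads(body)

# Constructed sample bodies (not captured traffic); "demo.echo" is made up.
BENIGN = (b"<?xml version='1.0'?><methodCall><methodName>demo.echo"
          b"</methodName><params><param><value><string>hi</string></value>"
          b"</param></params></methodCall>")
# Two tiny nested entities: harmless in size, same shape as the problem input.
NESTED = (b"<?xml version='1.0'?><!DOCTYPE r [<!ENTITY a 'x'>"
          b"<!ENTITY b '&a;&a;'>]><methodCall><methodName>&b;</methodName>"
          b"<params></params></methodCall>")

if __name__ == "__main__":
    print(safe_loads(BENIGN))
    for body in (NESTED, b"<methodCall>"):
        try:
            safe_loads(body)
        except RejectedRequest as exc:
            print("rejected:", exc)
```

The check runs on the raw request body, so it belongs in front of whatever dispatches XML-RPC calls; upgrading to the fixed package version named in the advisory remains the actual remedy.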