ALSA-2022:1860

[ALSA-2022:1860] Moderate: maven:3.6 security and enhancement update

Type:

security

Severity:

moderate

Release date:

2022-05-10

Description:

Maven is a software project management and comprehension tool. Based on the concept of a project object model (POM), Maven can manage a project's build, reporting and documentation from a central piece of information.

Security Fix(es):

* apache-httpclient: incorrect handling of malformed authority component in request URIs (CVE-2020-13956)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
noarch	maven-resolver-1.4.1-3.module_el8.6.0+2786+d7c38b21.noarch.rpm	11e20f2f33cc615a3721af98927262b02921107ed741404aaa6ff675be75a58d
noarch	jcl-over-slf4j-1.7.28-3.module_el8.6.0+2786+d7c38b21.noarch.rpm	14e95621ecf2f3052af1cb40a816bd5bee233835f4f0ba683123877a5358bbf0
noarch	plexus-containers-component-annotations-2.1.0-2.module_el8.6.0+2786+d7c38b21.noarch.rpm	16d171518a4d0af2a244f270e3e9ff381832e1610dab1b1a82aa43b0ec941757
noarch	maven-3.6.2-7.module_el8.6.0+2786+d7c38b21.noarch.rpm	18bc3406cf25bc4ad7f74fa86caa72d2cb636dfccf82782e005550324950e337
noarch	slf4j-1.7.28-3.module_el8.6.0+2786+d7c38b21.noarch.rpm	26f2b97d7cfe7070ac9fa04b54c50f049f28dead79a78ad2b7051d04e516ff0b
noarch	apache-commons-codec-1.13-3.module_el8.6.0+2786+d7c38b21.noarch.rpm	2e04c18e736ab4985a196f051c4a468c4a0ede815abd9c174d2b7783ab172189
noarch	atinject-1-31.20100611svn86.module_el8.6.0+2786+d7c38b21.noarch.rpm	3359d8279ddb9bb821c8dc124aeaec8fdcdca96db0bc086a933b137c0f0e69c6
noarch	plexus-interpolation-1.26-3.module_el8.6.0+2786+d7c38b21.noarch.rpm	37a59c346e18aaefce7adc0e16c3a5d07c6f1dffd0b81a31a68d3eddc9deab2c
noarch	maven-openjdk11-3.6.2-7.module_el8.6.0+2786+d7c38b21.noarch.rpm	380bf2741b0aaff7a7dbeaf29d65ef077f0d2deba042e0b4a7e9730c412e5868
noarch	maven-lib-3.6.2-7.module_el8.6.0+2786+d7c38b21.noarch.rpm	3c93ac35b909eea7740388b3128f3ec7b14245aed8ba83060378cad785e407a3
noarch	sisu-0.3.4-2.module_el8.6.0+2786+d7c38b21.noarch.rpm	3ca22c11b20e27a813e6c8d21b31c72f6a999dc8c10f633a9abc0d7c145a1b66
noarch	plexus-classworlds-2.6.0-4.module_el8.6.0+2786+d7c38b21.noarch.rpm	4045b7011337370ab890b8851412450c8179ef756988f2883f305dc2326c1a81
noarch	maven-openjdk8-3.6.2-7.module_el8.6.0+2786+d7c38b21.noarch.rpm	468fffd0b3c47460733c168f71e3e9db82f4b50e8d58eafe85414977c47dccac
noarch	apache-commons-cli-1.4-7.module_el8.6.0+2786+d7c38b21.noarch.rpm	4e49618e7c555ddb9e9e591e46b4561411bb7f1e20eafb9f42d17c4b76884c2c
noarch	jsoup-1.12.1-3.module_el8.6.0+2786+d7c38b21.noarch.rpm	5065de963e07b5d5251716ac7f94fdfd76da10c08da45e12e6c7a449f42535e9
noarch	maven-shared-utils-3.2.1-0.4.module_el8.6.0+2786+d7c38b21.noarch.rpm	507101052e5a643e7b34de9dff83db278b9f4a3a610c548927e6cb581bcd5728
noarch	plexus-utils-3.3.0-3.module_el8.6.0+2786+d7c38b21.noarch.rpm	599da53e25e54158674d466284ca9a66d34684cf6ce8574930556f85d83bb411
noarch	jansi-1.18-4.module_el8.6.0+2786+d7c38b21.noarch.rpm	5ec52123629d9fb21fdb3d265233008d07f78ea691095b67fac8d4c706a693f0
noarch	maven-wagon-3.3.4-2.module_el8.6.0+2786+d7c38b21.noarch.rpm	5f775ce4ba807e57930a0479f06b617543156e117681785fd0565c429026b7ad
noarch	plexus-sec-dispatcher-1.4-29.module_el8.6.0+2786+d7c38b21.noarch.rpm	86c062c3e54fb798fb76aeea0dfcdd765aa4fac5f3253b449a480cbe8cfc3b24
noarch	httpcomponents-core-4.4.12-3.module_el8.6.0+2786+d7c38b21.noarch.rpm	9339d1eaf943d28866387ad5eeec25309b04459fac926f29bedb3596dd38ef64
noarch	guava-28.1-3.module_el8.6.0+2786+d7c38b21.noarch.rpm	9c1bdf74cee2afecc05d4db3ca37df3202e34d63b4b86b5d843437341ee89498
noarch	cdi-api-2.0.1-3.module_el8.6.0+2786+d7c38b21.noarch.rpm	a625e5bf58dfe5d5aa82beac1d99b2e28fd8b7b1a1c03e8bed2c7f4462a737c6
noarch	maven-openjdk17-3.6.2-7.module_el8.6.0+2786+d7c38b21.noarch.rpm	b35e77c342ca07c254218149ce3edec7596b3ec42010b70167db49f5a5219457
noarch	apache-commons-lang3-3.9-4.module_el8.6.0+2786+d7c38b21.noarch.rpm	bd93b5f5247fcef9bc666898f256655b5c8d5039f6e2437e832c6f53774738bc
noarch	httpcomponents-client-4.5.10-4.module_el8.6.0+2786+d7c38b21.noarch.rpm	c3d6533d1bd6373869d1661b6233748a68674c346fe6b0863d2c7b2c940cbea4
noarch	apache-commons-io-2.6-6.module_el8.6.0+2786+d7c38b21.noarch.rpm	c96a4b563776d6e6d15167aed8252d1dd2f4482c44edc5e5d9dec562605ed8c7
noarch	google-guice-4.2.2-4.module_el8.6.0+2786+d7c38b21.noarch.rpm	cc7d5a6c3d51fe818fec6af12ab5c3cc03bd17a57afb528af9e44454e66847b4
noarch	geronimo-annotation-1.0-26.module_el8.6.0+2786+d7c38b21.noarch.rpm	d29232742f61c2c050bde16e6567541bb1a161c714e4e4d861dbc4d31ed450f0
noarch	plexus-cipher-1.7-17.module_el8.6.0+2786+d7c38b21.noarch.rpm	da8ccbe6d8ec3e070611a7ededdf099ed8a4855d6ed594bef0987f4edb51d087
noarch	jsr-305-0-0.25.20130910svn.module_el8.6.0+2786+d7c38b21.noarch.rpm	dcd4539389b359127dc3e0c98fa6ee88d65abeee633ad2b16436cea0f48a39b4
noarch	aopalliance-1.0-20.module_el8.6.0+2786+d7c38b21.noarch.rpm	e880be9f037c4dab64250caa055ec59ccd8cd1019532151612b4352cb135e7be

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.