[CVE-2015-1832] Upgrade Apache Derby to 10.12.1.1

This upgrade fixes CVE-2015-1832 [1]:

  XML external entity (XXE) vulnerability in the SqlXmlUtil code in
  Apache Derby before 10.12.1.1, when a Java Security Manager is not
  in place, allows context-dependent attackers to read arbitrary files
  or cause a denial of service (resource consumption) via vectors
  involving XmlVTI and the XML datatype.

[1] https://nvd.nist.gov/vuln/detail/CVE-2015-1832

Bug: Issue 9952
Change-Id: I632d3048c21baece089affdd01e2e7782dbaebc6
diff --git a/WORKSPACE b/WORKSPACE
index d5a8c25..5110562 100644
--- a/WORKSPACE
+++ b/WORKSPACE
@@ -750,9 +750,9 @@
maven_jar(
name = "derby",
- artifact = "org.apache.derby:derby:10.11.1.1",
+ artifact = "org.apache.derby:derby:10.12.1.1",
attach_source = False,
- sha1 = "df4b50061e8e4c348ce243b921f53ee63ba9bbe1",
+ sha1 = "75070c744a8e52a7d17b8b476468580309d5cd09",
)
JETTY_VERS = "9.3.17.v20170317"
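Review bot: The new sha1 value on the "derby" maven_jar entry is the only integrity pin visible for this jar, so please confirm that 75070c744a8e52a7d17b8b476468580309d5cd09 matches the checksum published alongside org.apache.derby:derby:10.12.1.1 in the repository, rather than one computed from a locally downloaded copy. Since the commit message notes the issue is reachable only through XmlVTI and the XML datatype when no Java Security Manager is in place, it would also help to state in the message whether this code base uses either of those, so readers can judge how urgently the bump needs to reach other branches.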