CVE-2020-25638

Name: CVE-2020-25638
Description: A flaw was found in hibernate-core in versions prior to and including ...
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References: DLA-2512-1, DSA-4908-1, ELA-376-1

Vulnerable and fixed packages

The table below lists information on source packages.

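| Source Package | Release | Version | Status |
|---|---|---|---|
| libhibernate3-java (PTS) | jessie, jessie (lts) | 3.6.10.Final-3+deb8u1 | fixed |
| libhibernate3-java (PTS) | stretch | 3.6.10.Final-6 | vulnerable |
| libhibernate3-java (PTS) | stretch (security) | 3.6.10.Final-6+deb9u1 | fixed |
| libhibernate3-java (PTS) | buster, buster (security) | 3.6.10.Final-9+deb10u1 | fixed |
| libhibernate3-java (PTS) | sid, bookworm, bullseye | 3.6.10.Final-11 | fixed |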

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| libhibernate3-java | source | jessie | 3.6.10.Final-3+deb8u1 | | ELA-376-1 | |
| libhibernate3-java | source | stretch | 3.6.10.Final-6+deb9u1 | | DLA-2512-1 | |
| libhibernate3-java | source | buster | 3.6.10.Final-9+deb10u1 | | DSA-4908-1 | |
| libhibernate3-java | source | (unstable) | 3.6.10.Final-11 | | | |

Notes

https://bugzilla.redhat.com/show_bug.cgi?id=1881353
Fixed by https://github.com/hibernate/hibernate-orm/commit/59fede7acaaa1579b561407aefa582311f7ebe78
