| Name | CVE-2017-8315 |
| Description | Eclipse XML parser for the Eclipse IDE versions 2017.2.5 and earlier was found vulnerable to an XML External Entity attack. An attacker can exploit the vulnerability by implementing malicious code on Androidmanifest.xml. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|
| apktool (PTS) | bullseye | 2.5.0+dfsg.1-2 | fixed |
| bookworm | 2.7.0+dfsg-6+deb12u1 | fixed |
| sid, trixie | 2.7.0+dfsg-7 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|
| apktool | source | (unstable) | 2.2.4-1 | low | | |
Notes
[stretch] - apktool <no-dsa> (Minor issue)
Upstream bug with details is restricted
According to Red Hat only eclipse-andmore was affected but it was
never shipped with Debian. Apktool is affected though.
Possible fixes: https://github.com/iBotPeaches/Apktool/commit/f19317d87c316ed254aafa0a27eddd024e25ec6c
https://github.com/iBotPeaches/Apktool/commit/657a44f5938b072898a0de913c03760210e0f4ed
https://github.com/iBotPeaches/Apktool/commit/dbb144f9af5478c780e59c8b65036ae882595063