CVE-2019-17561

The "Apache NetBeans" autoupdate system does not fully validate code signatures. An attacker could modify the downloaded nbm and include additional code. "Apache NetBeans" versions up to and including 11.2 are affected by this vulnerability.

References

Affected packages

Debian:11 / netbeans

Package

Name: netbeans
Purl: pkg:deb/debian/netbeans?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

12.1-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / netbeans

Package

Name: netbeans
Purl: pkg:deb/debian/netbeans?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

12.1-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / netbeans

Package

Name: netbeans
Purl: pkg:deb/debian/netbeans?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

12.1-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Git / github.com/apache/netbeans

Affected ranges

Type: GIT
Repo: https://github.com/apache/netbeans
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

d04fb24027334c4b6fd8397b5d0cdd33187a8f54

Type: GIT
Repo: https://github.com/graalvm/graalvm-ce-builds
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

1ebb60f5d73c0a82424003ee6ff22fb7bf163efe

Last affected

6c1e8e199e171761b388b0f15afadfba0b552abc

Affected versions

11.*

11.2

11.2-beta1

11.2-beta2

11.2-beta3

11.2-vc1

9.*

9.0-alpha-rc2

9.0-beta-rc1

9.0-beta-rc2

9.0-beta-rc3

9.0-rc1-rc1

vm-19.*

vm-19.3.2

vm-19.3.2-pre

vm-20.*

vm-20.0.1

vm-20.1.0