xalan:xalan is vulnerable to remote code execution. An attacker is able to corrupt Java class files generated by the internal XSLTC compiler and execute harmful Java bytecodes on the host machine due to an integer truncation flaw which occurs during XSLT style sheet processing.
packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html
www.openwall.com/lists/oss-security/2022/07/19/5
www.openwall.com/lists/oss-security/2022/07/19/6
www.openwall.com/lists/oss-security/2022/07/20/2
www.openwall.com/lists/oss-security/2022/07/20/3
www.openwall.com/lists/oss-security/2022/10/18/2
www.openwall.com/lists/oss-security/2022/11/04/8
www.openwall.com/lists/oss-security/2022/11/07/2
lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw
lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8
lists.debian.org/debian-lts-announce/2022/10/msg00024.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/
lists.fedoraproject.org/archives/list/[email protected]/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/
lists.fedoraproject.org/archives/list/[email protected]/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/
lists.fedoraproject.org/archives/list/[email protected]/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/
lists.fedoraproject.org/archives/list/[email protected]/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/
lists.fedoraproject.org/archives/list/[email protected]/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/
lists.fedoraproject.org/archives/list/[email protected]/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/
security.netapp.com/advisory/ntap-20220729-0009/
www.debian.org/security/2022/dsa-5188
www.debian.org/security/2022/dsa-5192
www.debian.org/security/2022/dsa-5256
www.openwall.com/lists/oss-security/2022/07/19/6
www.oracle.com/security-alerts/cpujul2022.html