Accepted libgoogle-gson-java 2.8.5-3+deb10u1 (source) into oldstable
- To: debian-lts-changes@lists.debian.org, dispatch@tracker.debian.org
- Subject: Accepted libgoogle-gson-java 2.8.5-3+deb10u1 (source) into oldstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Wed, 07 Sep 2022 08:10:22 +0000
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.seger; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=c5LfSUVQo3qHj6LyDT0zW5SG+m0Lv+Eg8sNWvP/cMcc=; b=Vo8j7qWuFdLEhkVT5hiC9xiiet JFrJilwp+jz4ICmWlyY7l1MqQqrEeQDgl00riH5dpfzXgAfnGX/PtVR3qFQdeI88dht9OFMzSAKKr Nna2uHFw2uZJMJW3u9ybpF15hDfn/wRlrgMhPMUasqvpavgJMqWQAnF29P5ZXX3sAk6aL4A4ixIwI yMlhGyURpD25e5b1npyAApJYH9EtlLMy0hHYZdT9i2WqfNf6YTatG5hZPt1XrMHWbC05/xnqNwur6 WajCBq2Hs+9X8zoybpFtte9qRC3EitsMG1eqKS8OqFXmuaRghdQNH1bkpiGtIT0qQ3yJVySm7FxnC bRXWGn3g==;
- Mail-followup-to: debian-lts@lists.debian.org
- Message-id: <E1oVq8c-0001gG-Ub@seger.debian.org>
- Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 7 Sep 2022 09:53:49 CEST
Source: libgoogle-gson-java
Architecture: source
Version: 2.8.5-3+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
1130adf8d3c319e65cb251bd2be64f76fd66e64b 2353 libgoogle-gson-java_2.8.5-3+deb10u1.dsc
eec1e76a3f3888a34806bc9ef4b3268509ba8b79 315920 libgoogle-gson-java_2.8.5.orig.tar.xz
26aaa7ecefd23fdd9fe29b33db93837de3be859a 6180 libgoogle-gson-java_2.8.5-3+deb10u1.debian.tar.xz
bd747939500d4e3fd950b7008c3a2f562946d67a 16130 libgoogle-gson-java_2.8.5-3+deb10u1_amd64.buildinfo
Checksums-Sha256:
533ce4a98e99b8968cf8dcca74f60bfbaf0883bf70d8fac0cfebf9d19db225e4 2353 libgoogle-gson-java_2.8.5-3+deb10u1.dsc
26e5df7fd48d5918f6d6961b3b065c2908444dc865ad6de87ad0d1986fc464c8 315920 libgoogle-gson-java_2.8.5.orig.tar.xz
260dfe4c63097ca705ee9219b7a1a971fd3c90db9d1943c24cc58a953590b98d 6180 libgoogle-gson-java_2.8.5-3+deb10u1.debian.tar.xz
a04fc1360f9f44accb1632483f22f865eca274e0012bd25227c7e6f49e0e9278 16130 libgoogle-gson-java_2.8.5-3+deb10u1_amd64.buildinfo
Changes:
libgoogle-gson-java (2.8.5-3+deb10u1) buster-security; urgency=high
.
* Team upload.
* CVE-2022-25647: A flaw was found in gson, which is vulnerable to
Deserialization of Untrusted Data via the writeReplace() method in internal
classes. This issue may lead to denial of service attacks.
Files:
cd47d9fb10965f10bb152f2dff928cef 2353 java optional libgoogle-gson-java_2.8.5-3+deb10u1.dsc
b1c552cb28516fba50e21a49d78ee8e0 315920 java optional libgoogle-gson-java_2.8.5.orig.tar.xz
e31715a00db2ca6b8721148e3cb4ecc4 6180 java optional libgoogle-gson-java_2.8.5-3+deb10u1.debian.tar.xz
1b6ecbbf0b97a2cf36b5290e48f11243 16130 java optional libgoogle-gson-java_2.8.5-3+deb10u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmMYThVfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkHTAP/18KmRojQsCFV9AXxhqiqOl+jHLvszZIEscm
7v+AngbMSqs1r2IOCQvDO8X7lQxSgUeYsRV2aIHBrJEtS0fBqh9hylT2sg1xhQ5q
F1p2HtfeU0vCFReQXkONKvI/hebyPN9/pVNfY8WeYncOQbeo3xBeKQQg4UgVPpMW
pynU5n3yET+M2qJ7yR5+jKE7filC1n3KXWaSNuSOfbQfE4wvhgw78u8iNfNt8SrC
i665GcNJH/KTCk9B7zI/AoJ2XdUf8dUdmqsLHHGNIyPZpUR7xXsMlUdasd+GLeag
mmRust8Vo/p0s3YLVd3nuQJiY/slW35pjfXgLVgfIQOQu5QByrMlrqkbmrpEsNnc
UqnMnm9lZviXaMCKdgTjWC/c+oZMaYfZpvss0dfgSHPdzjaPmmV0B1aLbWuhM/Gi
Dbz0/DOGATs66WRMd7TuPkgc5CrkQNcr9CWZogpJtOspBHLASZDUiAT4LIBagqRY
1JX1EnCno0dnr0ol8m2nNX/TphUF5+mpt3w3lJL3SjsWls6wNqoUhPfNw4ttjRRV
YS5P8LqLqbFTl18pLzpjQ+jLG0M0a4+VabfBzuFVvxRBDIM869/M4JpSJhPvygmw
s8t6iB+uLObjUMn51I3K11RWGaYyivLskzeP678WUuaAFV/1dCUXFKu+mDAYHniQ
GHUeSQJN
=Bpp2
-----END PGP SIGNATURE-----