Accepted libgoogle-gson-java 2.8.6-1+deb11u1 (source) into proposed-updates->stable-new, proposed-updates
- To: debian-changes@lists.debian.org
- Subject: Accepted libgoogle-gson-java 2.8.6-1+deb11u1 (source) into proposed-updates->stable-new, proposed-updates
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Sun, 11 Sep 2022 13:32:34 +0000
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=sL4EW4sFLuCYZ+4Al25qg8CkHQ/awTDTPM9vnv9vOL0=; b=FDLPI7r5gV1zODwbrIuPOBZVXu MEUZUAd5nAV3XwXDkP3KV+KL+jbT9xkfE4DeSPguiPZqOob47XuBR8zkdoAmTlc023VFvYcL7PIQ/ OvTLy6HWsh1REt8a0UlJxfEwaRriRjFpDSFxYoCNWlzeUnZhSYkMewxFaQ3HD+63AOSbXkeMw4Dva II9p/TNBFpTLbhLJ5w4U3Lwg6s3C3DiWjWHisT7aeXKk8oavLqBGzdiAQwGKM8+qBfgcrjztazSbC N3d2Wdzgb2caHzLqYifYqfO2rips2gGp1fynnZtlNXpxZFmkWakkvhmwkjEfFoIlWiOyyAwWxjJgm o90rWRGw==;
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1oXN4c-005SUe-V1@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 7 Sep 2022 11:36:05 CEST
Source: libgoogle-gson-java
Architecture: source
Version: 2.8.6-1+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
f2bbd34766aa902c78916885df3dfbfa375b3626 2359 libgoogle-gson-java_2.8.6-1+deb11u1.dsc
c50332e0e1ec84839d9144fa48d5a519709463c3 315804 libgoogle-gson-java_2.8.6.orig.tar.xz
5438cb416986dfc1fb62d917e3cd2169b2fe4b0f 6184 libgoogle-gson-java_2.8.6-1+deb11u1.debian.tar.xz
def9a32f0d2553df5dba6847f6bc1bdc7248e372 16502 libgoogle-gson-java_2.8.6-1+deb11u1_amd64.buildinfo
Checksums-Sha256:
5e779c4a6884f0256cae19e7f3d519d8bf8ad7f0af1511c4800dd0873412b004 2359 libgoogle-gson-java_2.8.6-1+deb11u1.dsc
be2a1b56d110ce617adfe3d70ea359f9631881a3bb744ebe2fbb13c927742c00 315804 libgoogle-gson-java_2.8.6.orig.tar.xz
efa369e674058522c2dd46318b12d8fbbf094985e445f2a2ff0d1d1cb6cb3e98 6184 libgoogle-gson-java_2.8.6-1+deb11u1.debian.tar.xz
5767e28948b8902cce2365031f1edba416e61ee4188355ecc68c1786c0a0c15f 16502 libgoogle-gson-java_2.8.6-1+deb11u1_amd64.buildinfo
Changes:
libgoogle-gson-java (2.8.6-1+deb11u1) bullseye-security; urgency=high
.
* Team upload.
* CVE-2022-25647: A flaw was found in gson, which is vulnerable to
Deserialization of Untrusted Data via the writeReplace() method in internal
classes. This issue may lead to denial of service attacks.
Files:
de457255632277c644eb2c73ff7b2842 2359 java optional libgoogle-gson-java_2.8.6-1+deb11u1.dsc
72adc483d01853f43c5c392bf50d285b 315804 java optional libgoogle-gson-java_2.8.6.orig.tar.xz
05c3c9f6568359a258b10c963946cb01 6184 java optional libgoogle-gson-java_2.8.6-1+deb11u1.debian.tar.xz
867174b51fff00873f31ec94314f6de7 16502 java optional libgoogle-gson-java_2.8.6-1+deb11u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmMYZhtfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1Hk414QAJ4GCld681UziJVpp+ngfGjW2rFjV8DZ7m6l
NVWVBYk603eriJLM3phhUewxJNnMjH+hG346t+1EpaLnwVS9eixeq/35xWNBnIJ9
rxPJ8UM39AyyHKN8Ku3wlsjYArMbFUcDiIR4mczTHjZ7s0iyhAPLquvq3ltWKdvd
PZ/m6b1L+IcOMkTOnrGqTJQ/qlMMdV0AgUlEmuiRVwzGcIthKcenf6WlLRRFGJ5O
K3p6pxHgOZaLvQyLNH60N/PHtLNLbSJtreWp+qAbiAfcfvIIoXhuRWrkVGHdJuq1
Wep1d3tFp5k17l8JksN2DJlGD3cAKj7gdvCMg+6//e0r1ixfObEDVZVgnMJLD8DC
iX1rlh2y3+CDTwCM/gIWnPWLBNibrLlRc5y2+fwm0YdU/AK9mlREXXF5gcSoqrAf
Y7gUs4R2Z18DWgo03rXZLxjwq7c6IGNcql5IzeLLLqSwim2aFAulfT7TE/QLnGnd
WHR/bwAamW2Al2/NYnQ2iytY58DVcPNctDwZXQ4T/2KlfXcyGAboQSNrCdNtH6y3
e2UtIZkJw13GA3up1Q22YGKLXjhBF18wS6ji2xIyVs57+uwFaQjcHfNeZuOE0cr1
dJnRIEONPkpaGIn+j1bcFpfTbi0S3qIB2dgL/FueEIkq/K6ES6ntHyJoWdWK59fd
p8EofWFM
=AB0g
-----END PGP SIGNATURE-----