Accepted libjettison-java 1.4.0-1+deb10u1 (source) into oldstable
- To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
- Subject: Accepted libjettison-java 1.4.0-1+deb10u1 (source) into oldstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Thu, 10 Nov 2022 00:00:21 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: libjettison-java_1.4.0-1+deb10u1_source.changes
- Debian-source: libjettison-java
- Debian-suite: oldstable
- Debian-version: 1.4.0-1+deb10u1
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.seger; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=xl3Kl/Hnnhis6X8WLYa2eEv7QG7dxvwHh6RaURaDno8=; b=qiUcnrdJJ3u+wPIkreD68RDO5N L5T9PAsaF5F3fd0cJoqqDcN0U2oeENh5h8ShBCAcDewQVY101ZUfUghA8ATsHu6i/ERAVuLKhKQ8a 43Xb20bOEzjZRnFtQk5lXf5XlLTOlx44z5Jli87uoUIaoNNX/zSjMJVP13kwDhyBJ/QF1jlZHVr+0 eD8bkMw+dbYOJrmptaxg94DlZOf0e0W7fD1olipa075jgg9mJlYUpkEGIXVsGQN3bj2wEWyz0LvmH ay+zs/mpUuTn3fR5siJ/RfykVyZK6gQrT7Nv5XvwA0PbLzwRCX4zC5iqXshXbTc4i+oKokXPwWlY8 zBQhHjgA==;
- Mail-followup-to: debian-lts@lists.debian.org
- Message-id: <E1osuzV-00EgYi-Li@seger.debian.org>
- Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 10 Nov 2022 00:46:44 CET
Source: libjettison-java
Architecture: source
Version: 1.4.0-1+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
17e9de0429970cc1b3ddf27a3eb9e415b5760126 2284 libjettison-java_1.4.0-1+deb10u1.dsc
d045a60915f2dbd7af3df94580b0dabf47f9b20b 51596 libjettison-java_1.4.0.orig.tar.xz
4d472ebb0182b22109663a9d4d8a6939144c7c64 3776 libjettison-java_1.4.0-1+deb10u1.debian.tar.xz
579fa1db99bdc0b385ba25df5c456654b6b8db40 13562 libjettison-java_1.4.0-1+deb10u1_amd64.buildinfo
Checksums-Sha256:
af44025cfacc4bb8e3ea50a42f24e699d0681e2f4a888dc4b50be7ea82c3db2a 2284 libjettison-java_1.4.0-1+deb10u1.dsc
f4324cedd04d0b2ec92225f7f56e1d6a8f780f6da77a35123075995d4af7cecf 51596 libjettison-java_1.4.0.orig.tar.xz
ae8c75d84cab29bbf9de35477c852b4515647ea4b3d8ddd2a4392288c60c6f75 3776 libjettison-java_1.4.0-1+deb10u1.debian.tar.xz
30eab4c1e93cc6c4d357b59bc7f4564c35425443f34114e61c44adad8a80f42a 13562 libjettison-java_1.4.0-1+deb10u1_amd64.buildinfo
Changes:
libjettison-java (1.4.0-1+deb10u1) buster-security; urgency=high
.
* Non-maintainer upload by the LTS team.
* Fix CVE-2022-40149:
It was discovered that libjettison-java, a collection of StAX parsers and
writers for JSON, was vulnerable to a denial-of-service attack, if the
attacker provided untrusted XML or JSON data.
Files:
4ff37ae390f11f66a7396b6daddcdcee 2284 java optional libjettison-java_1.4.0-1+deb10u1.dsc
23b2c0dcbbd2228604f85b78f6314b3a 51596 java optional libjettison-java_1.4.0.orig.tar.xz
01ed85cc619a7a29e77c90b24f11eaf3 3776 java optional libjettison-java_1.4.0-1+deb10u1.debian.tar.xz
70b94d926137074a74b5a9dfcd1e03d8 13562 java optional libjettison-java_1.4.0-1+deb10u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmNsO+hfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HklcYP/0QOunRDRlLX5Y8P2lB7jK+MqZnf54DjRUjm
NhGmwyQVjP8nouSd4a/yxVf6X+6JugO7Ej2kM4Z3Iur88nYd3WGPT4y8kYKJFnpw
t2bUtUPvOqaDYwrzf1sLRNkzP1yMjFSHfd+CHVSY4GFiFeyfS1YYMqBFMNbQrAPF
GkP0MId1sgCD5vQ7ymqknnhrPItM4pMstgnOpBnnPHJK0Roxg1HQX/5gQW7h5K3P
qZJMqYB4GTVhLEAH4WO7TUfD2DCkMvFLt5jbsOCDT01mo2y5e6xdgFqsCxSEUjZz
ukvWNr6gtw1nwVLJlgtUsjDV9Z1QBpYk1JZI0pF2uVs5ZJQ6zLP6xKfm3TCGaWvY
91ENb0nVhpma4aksUoDOJZdriZstBzz4iSlQmdXmqeScm6Y2fJVj65v4JgCpmopZ
VyvzDfN2rP+RowplTCz2LQfnO/xu6sKrSLw8ECmAKgmfIXWCDnFG0kW4CLgX/Lrc
bYanORFaOEiotQ0U2+viqlBe7atMbeI5nmHuxNcJuZMnjy7zae7it/iJx4BP70pa
6vfHHEjoIB1/ZRhKmRE78UCOGip4BgoJJ6nsJjaY6D/tsNv0MhNwxqBz0E2dRrkz
VUJ1urPqHEc+duIQJ0f5e6qayyBQx9P6FvVIMV2aPh0luCIE34kh2JstMqabLdzr
KhI2qMDm
=z5fT
-----END PGP SIGNATURE-----