Accepted libxmlrpc3-java 3.1.3-7+deb8u1 (source all) into oldoldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 30 Jan 2020 14:30:39 +0100
Source: libxmlrpc3-java
Binary: libxmlrpc3-common-java libxmlrpc3-client-java libxmlrpc3-server-java libxmlrpc3-java-doc
Architecture: source all
Version: 3.1.3-7+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
libxmlrpc3-client-java - XML-RPC implementation in Java (client side)
libxmlrpc3-common-java - XML-RPC implementation in Java
libxmlrpc3-java-doc - XML-RPC implementation in Java (API documentation)
libxmlrpc3-server-java - XML-RPC implementation in Java (server side)
Changes:
libxmlrpc3-java (3.1.3-7+deb8u1) jessie-security; urgency=high
.
* Non-maintainer upload by the LTS team.
* Fix CVE-2019-17570:
An untrusted deserialization was found in the
org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache
XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target a
XML-RPC client causing it to execute arbitrary code.
.
Clients that expect to get server-side exceptions need to set the
enabledForExceptions property to true in order to process serialized
exception messages.
Checksums-Sha1:
08601c1e77b3b9c935a39e4a10faa42774783d08 2752 libxmlrpc3-java_3.1.3-7+deb8u1.dsc
e2500160db7bd0f3c35aff2b99f5d0f5b2dc503f 170246 libxmlrpc3-java_3.1.3.orig.tar.gz
e96bf1c91865ca7c68227523ef2a3b894fee2e48 6940 libxmlrpc3-java_3.1.3-7+deb8u1.debian.tar.xz
6f51c504da90f61f7ce7ffec03f416cc7824bc13 94702 libxmlrpc3-common-java_3.1.3-7+deb8u1_all.deb
ae61f8d083d0f54d9edf3cfdbcb8ef8f3c000ff5 50868 libxmlrpc3-client-java_3.1.3-7+deb8u1_all.deb
64fd9d3ce710008aa72d7ae7aa4131b3623e7e7d 72926 libxmlrpc3-server-java_3.1.3-7+deb8u1_all.deb
d34b827c959de6b0682fc3d5840963c2c16397f8 186808 libxmlrpc3-java-doc_3.1.3-7+deb8u1_all.deb
Checksums-Sha256:
2d409c082840df7a0f1694c84e5a386588a68a352949233d9f7954fe5e48afb6 2752 libxmlrpc3-java_3.1.3-7+deb8u1.dsc
659671d30eed83ed28a79d448b0960e93c6cc42d371058a375ea6ecdd66e1ad6 170246 libxmlrpc3-java_3.1.3.orig.tar.gz
0e6ab221009f34a1399dbc6bfdf922cc6a952309e4a8ae8fabdd41b98dd432d8 6940 libxmlrpc3-java_3.1.3-7+deb8u1.debian.tar.xz
e82a09a571e2f123f537c6b4cb321b4fd3934837cc9a8c94e41fb78d6a67a141 94702 libxmlrpc3-common-java_3.1.3-7+deb8u1_all.deb
6997ebc7c89efe177cf19580116205f34ac314c389032be8f8a6f64987d179f2 50868 libxmlrpc3-client-java_3.1.3-7+deb8u1_all.deb
67633a8f284c676a5e3dc85ee119d44fa57842a1dc2d20182aa203c893e89ac4 72926 libxmlrpc3-server-java_3.1.3-7+deb8u1_all.deb
f887779eadada72cba9e1468c39e214ac630e591f1ad8182a8dca0033faac5ca 186808 libxmlrpc3-java-doc_3.1.3-7+deb8u1_all.deb
Files:
d9017459d1eece1e6329d564acdbdead 2752 java optional libxmlrpc3-java_3.1.3-7+deb8u1.dsc
dc69f66876a8c75824b23766d7bf0d91 170246 java optional libxmlrpc3-java_3.1.3.orig.tar.gz
5cb4324a40d6181306dab13f4ed2070f 6940 java optional libxmlrpc3-java_3.1.3-7+deb8u1.debian.tar.xz
b7e7810012d883d90ba32fee6a0657e2 94702 java optional libxmlrpc3-common-java_3.1.3-7+deb8u1_all.deb
1c9d0618e3887b1c1ecdb87d94ec10d8 50868 java optional libxmlrpc3-client-java_3.1.3-7+deb8u1_all.deb
294f4a13b535e43fcc46a63c96a552b6 72926 java optional libxmlrpc3-server-java_3.1.3-7+deb8u1_all.deb
7d324bed42e2b51c19a6fd9a9ed1aeef 186808 doc optional libxmlrpc3-java-doc_3.1.3-7+deb8u1_all.deb
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl4y3VRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkUxsQAKMIQ5U7yA6eomCM76NsAMWjHhWOb9GRAtiC
n2JECCQbLV2JJJ5eI3Z0u6TzFKvkFBzq3NY6RncXRr0leq/7Z5CdgcuWL+eVa5vP
I57NAU2LqEJ0vfYVW1hZB9Yqe+vR5kRVB+gMxd+feEfV3P0JWMR7JfPg3q4A6U0n
1kpx+HRDP3PFr8E7zlxfZyx+RhtYJ6LWnzh1g8UTZ7zm4C3PWma5Aot267Whjnsf
92955siToaMsLgWhesEGYHJxNtNpdeFugsMduj8FEquX1cL3aTTj3qpxmcVa1AOV
Eco62yR8lrXe7u0WVI2Fj3s75oufg6qzGgb1nGnZPV8L0LLnqkWHIvTD+PweSi5m
biYlNWDwAbQkv9w8TACN0pjQwyHpRV+mTrJa68jff1k9Xaph6tkR6Pc0rWG98gdW
kZsG8K16GR6E2czXq4qUosngYJ7fIFPVABQb+3e/4PIj1V9rjGVh48c/Txv+7lIA
dWclr0o/QTno835ZYGGe6fRWSqoun5u4qB447ui46iU/ImLuzsMx1JqL4ZcykVEG
0miu9hvaM1nkgnx10gupBgC5rI81+2HmomQ1pLi1VsYc0IKZPYlXLF8KkUML4w8k
keAQl//qxJvT5wScNGHfllYnf3QH2zEqqVYwaCqwPrMC6XiVI0WgNLUf4JWpAPrw
6NbLWRZD
=wtS4
-----END PGP SIGNATURE-----