Back to libxstream-java PTS page

Accepted libxstream-java 1.4.9-2+deb9u1 (source) into oldstable

To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
Subject: Accepted libxstream-java 1.4.9-2+deb9u1 (source) into oldstable
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Tue, 01 Dec 2020 01:00:12 +0000
Mail-followup-to: debian-lts@lists.debian.org
Message-id: <E1kju1c-00078o-9O@seger.debian.org>
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 30 Nov 2020 00:04:50 +0100
Source: libxstream-java
Binary: libxstream-java
Architecture: source
Version: 1.4.9-2+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libxstream-java - Java library to serialize objects to XML and back again
Changes:
 libxstream-java (1.4.9-2+deb9u1) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * XStream is vulnerable to Remote Code Execution.The vulnerability may allow
     a remote attacker to run arbitrary shell commands only by manipulating the
     processed input stream. Only users who rely on blocklists are affected.
     Anyone using XStream's Security Framework allowlist is not affected.
Checksums-Sha1:
 bdeca483090de74e51c87449950eabd3a0ed0eb2 2585 libxstream-java_1.4.9-2+deb9u1.dsc
 0495145c1d88722ee4331265a30ce93d5dab6bda 419660 libxstream-java_1.4.9.orig.tar.xz
 20ae8deaa497aa981f795147af0c734e26f0cbde 8528 libxstream-java_1.4.9-2+deb9u1.debian.tar.xz
 882c815822bf6dd1476ee22095f009fbb8a93427 16450 libxstream-java_1.4.9-2+deb9u1_amd64.buildinfo
Checksums-Sha256:
 4f562f98571ca8c34c46e2d962b7babdaeb6820f478b6c1edfa0415e08b84298 2585 libxstream-java_1.4.9-2+deb9u1.dsc
 f97c2c723e03892859c69242397815a00b10ae1da0ca78d6c9b1f51397752c66 419660 libxstream-java_1.4.9.orig.tar.xz
 dcecfee0f869221ca257a0831e30e143f65b3b730053217a2c3d63a61506ceac 8528 libxstream-java_1.4.9-2+deb9u1.debian.tar.xz
 e8af22be96a7f93ee72101410b59fe513cafa549a9064d45f2c79f1cf412208c 16450 libxstream-java_1.4.9-2+deb9u1_amd64.buildinfo
Files:
 e5347157c462c6cb1d34a2864a5b7e06 2585 java optional libxstream-java_1.4.9-2+deb9u1.dsc
 259d2a02e54c3b6deb41fe2861f74d87 419660 java optional libxstream-java_1.4.9.orig.tar.xz
 0d0020c2f5902649b737b4522c022aea 8528 java optional libxstream-java_1.4.9-2+deb9u1.debian.tar.xz
 1f1223219f4f7061098ff8e14b87b94d 16450 java optional libxstream-java_1.4.9-2+deb9u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl/Fkf9fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkmZYP/icgqQ1qzXltpz4DECcB1ZCSF9b9z3CiPMn1
J1SiYVVendClu4X/bVuZoGr2aoHC0tBFM0sDfQiV0mKo79M5jvg/n0uqJ1j33oN/
2oIc0c44vkW3eKu1izRGc87EuxHP6fzQ8OEqHYiUvTpBLn1oiBpucn4/uasKhdig
PoDo05aC39z+HOT40spITjHzTr+tNP0gJnv/FoCwwRCwYeqjD3ILD1hi4eT9405b
rxqkB/+IdRKkhhXVEOsttg9OaqyFmlm6C3js5MHna6cXaQMgxdi5hkMUUdwe70mY
duwZiGqc1mB09YVi+gywgCPf5SvAc+IfKBDfJb4VsDO4BVCvnfmlt2SvzKod8Fz3
zbzFr7MiEgWQfEt286BQpb9rQRyG750RVf9zrenZEU0qKvG/A3T0r/Bk9+8lgmud
KdTUM9rNR2aO4PB8NMQEMVgoOZR+3cjQmPP29mtNlqgNPasWpa8+SWHrnxj9y/2U
l050UuuSvD1KP3z3OJKvqmwxgWUH9X4UFzz40ZIHftMiQeWwiXIYzEiID/J5Jie+
JJdz3+uJmvMSxxa8pOqRd/VbgVtBE/Kcu7+AjG3+pobpuDehaB0TLdRBsQzD4k0k
NC8fDXL8jhU8609bDA6Z1GX35QukBDjYDTpAYEjTlLGJM5hGhQnvMXtUR3KK8pz8
f0SNg+JV
=PgJk
-----END PGP SIGNATURE-----