Accepted libxstream-java 1.4.15-1 (source) into unstable
Format: 1.8
Date: Fri, 18 Dec 2020 01:51:35 +0100
Source: libxstream-java
Architecture: source
Version: 1.4.15-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Closes: 977624 977625
Changes:
 libxstream-java (1.4.15-1) unstable; urgency=medium
 .
   * Team upload.
   * New upstream version 1.4.15. (Closes: #977624, #977625)
     - Fix CVE-2020-26258: A Server-Side Forgery Request can be activated
       unmarshalling with XStream to access data streams from an arbitrary URL
       referencing a resource in an intranet or the local host.
     - Fix CVE-2020-26259: XStream is vulnerable to an Arbitrary File Deletion
       on the local host when unmarshalling as long as the executing process has
       sufficient rights.
     Thanks to Salvatore Bonaccorso for the report.
   * Ignore dependency on libjaxws-java.