Accepted libxstream-java 1.4.11.1-1+deb10u1 (source all) into proposed-updates->stable-new, proposed-updates
Format: 1.8
Date: Tue, 01 Dec 2020 23:35:51 +0100
Source: libxstream-java
Binary: libxstream-java
Architecture: source all
Version: 1.4.11.1-1+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libxstream-java - Java library to serialize objects to XML and back again
Changes:
 libxstream-java (1.4.11.1-1+deb10u1) buster-security; urgency=high
 .
   * Team upload.
   * Fix CVE-2020-26217:
     It was found that XStream is vulnerable to Remote Code Execution. The
     vulnerability may allow a remote attacker to run arbitrary shell commands
     only by manipulating the processed input stream. Users who rely on
     blocklists are affected (the default in Debian). We strongly recommend
     using the whitelist approach of XStream's Security Framework because there
     are likely more class combinations the blacklist approach may not address.