libxstream-java_1.4.11.1-1+deb10u2_source.changes ACCEPTED into proposed-updates->stable-new, proposed-updates
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Sat Jan 9 22:33:33 GMT 2021
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 31 Dec 2020 14:15:35 +0100
Source: libxstream-java
Architecture: source
Version: 1.4.11.1-1+deb10u2
Distribution: buster-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
Changed-By: Markus Koschany <apo at debian.org>
Changes:
 libxstream-java (1.4.11.1-1+deb10u2) buster-security; urgency=high
 .
   * Team upload.
   * Fix CVE-2020-26258:
     XStream is vulnerable to a Server-Side Forgery Request which can be
     activated when unmarshalling. The vulnerability may allow a remote attacker
     to request data from internal resources that are not publicly available
     only by manipulating the processed input stream.
   * Fix CVE-2020-26259:
     XStream is vulnerable to an Arbitrary File Deletion on the local host when
     unmarshalling. The vulnerability may allow a remote attacker to delete
     arbitrary known files on the host as long as the executing process has
     sufficient rights only by manipulating the processed input stream.
Checksums-Sha1:
de4bf90a01a1fded61955776c68c71189b5d7802 2591 libxstream-java_1.4.11.1-1+deb10u2.dsc
82a343682d868dbaeccac133d4fd7417af773213 11140 libxstream-java_1.4.11.1-1+deb10u2.debian.tar.xz
a3ee8843236ef9054d66e3dc92f0dda7597e3fae 16341 libxstream-java_1.4.11.1-1+deb10u2_amd64.buildinfo
Checksums-Sha256:
6c8ff9c70eded5a4d051f18fc18d53b02941010b1a2d6a24511cbdd556a1bca8 2591 libxstream-java_1.4.11.1-1+deb10u2.dsc
416f144df987d9b8f241d9f5639cd8f7698eeb69b62cc2d6396a3ef189088543 11140 libxstream-java_1.4.11.1-1+deb10u2.debian.tar.xz
27bdaf3afac8f99f9fff1d328dbd9b7cc84d5ebdfa7032f4db78b66901b08a87 16341 libxstream-java_1.4.11.1-1+deb10u2_amd64.buildinfo
Files:
49440f63293cb30cf45897e45e0daef7 2591 java optional libxstream-java_1.4.11.1-1+deb10u2.dsc
576da1441ae932b78e6b733bb1aba4c9 11140 java optional libxstream-java_1.4.11.1-1+deb10u2.debian.tar.xz
ca5476e5320636f14d1f8fd3a23dd8ac 16341 java optional libxstream-java_1.4.11.1-1+deb10u2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
Thank you for your contribution to Debian.