Update changelog
Markus Koschany
3 years ago
0 | libxstream-java (1.4.15-1) unstable; urgency=medium | |
1 | ||
2 | * Team upload. | |
3 | * New upstream version 1.4.15. (Closes: #977624, #977625) | |
4 | - Fix CVE-2020-26258: A Server-Side Forgery Request can be activated | |
5 | unmarshalling with XStream to access data streams from an arbitrary URL | |
6 | referencing a resource in an intranet or the local host. | |
7 | - Fix CVE-2020-26259: XStream is vulnerable to an Arbitrary File Deletion | |
8 | on the local host when unmarshalling as long as the executing process has | |
9 | sufficient rights. | |
10 | Thanks to Salvatore Bonaccorso for the report. | |
11 | ||
12 | -- Markus Koschany <apo@debian.org> Fri, 18 Dec 2020 01:51:35 +0100 | |
13 | ||
0 | 14 | libxstream-java (1.4.14-1) unstable; urgency=medium |
1 | 15 | |
2 | 16 | * Team upload. |