Update changelog
Markus Koschany
3 years ago
| 0 | libxstream-java (1.4.15-1) unstable; urgency=medium | |
| 1 | ||
| 2 | * Team upload. | |
| 3 | * New upstream version 1.4.15. (Closes: #977624, #977625) | |
| 4 | - Fix CVE-2020-26258: A Server-Side Forgery Request can be activated | |
| 5 | unmarshalling with XStream to access data streams from an arbitrary URL | |
| 6 | referencing a resource in an intranet or the local host. | |
| 7 | - Fix CVE-2020-26259: XStream is vulnerable to an Arbitrary File Deletion | |
| 8 | on the local host when unmarshalling as long as the executing process has | |
| 9 | sufficient rights. | |
| 10 | Thanks to Salvatore Bonaccorso for the report. | |
| 11 | ||
| 12 | -- Markus Koschany <apo@debian.org> Fri, 18 Dec 2020 01:51:35 +0100 | |
| 13 | ||
| 0 | 14 | libxstream-java (1.4.14-1) unstable; urgency=medium |
| 1 | 15 | |
| 2 | 16 | * Team upload. |