Package list libxstream-java / c1ecc21
Update changelog Markus Koschany 7 months ago
1 changed file(s) with 14 addition(s) and 0 deletion(s). Raw diff Collapse all Expand all
0 libxstream-java (1.4.15-1) unstable; urgency=medium
1
2 * Team upload.
3 * New upstream version 1.4.15. (Closes: #977624, #977625)
4 - Fix CVE-2020-26258: A Server-Side Forgery Request can be activated
5 unmarshalling with XStream to access data streams from an arbitrary URL
6 referencing a resource in an intranet or the local host.
7 - Fix CVE-2020-26259: XStream is vulnerable to an Arbitrary File Deletion
8 on the local host when unmarshalling as long as the executing process has
9 sufficient rights.
10 Thanks to Salvatore Bonaccorso for the report.
11
12 -- Markus Koschany <apo@debian.org> Fri, 18 Dec 2020 01:51:35 +0100
13
014 libxstream-java (1.4.14-1) unstable; urgency=medium
115
216 * Team upload.