note to changelog (1.4.11.1-1+deb10u3) for buster-security
Hideki Yamane
2 years ago
0 | libxstream-java (1.4.11.1-1+deb10u3) buster-security; urgency=high | |
1 | ||
2 | * Team upload. | |
3 | * Fix CVE-2021-29505: | |
4 | - The vulnerability may allow a remote attacker has sufficient rights | |
5 | to execute commands of the host only by manipulating the processed | |
6 | input stream. No user is affected, who followed the recommendation | |
7 | to setup XStream's security framework with a whitelist limited to | |
8 | the minimal required types. | |
9 | ||
10 | -- Hideki Yamane <henrich@debian.org> Thu, 17 Jun 2021 22:02:16 +0900 | |
11 | ||
0 | 12 | libxstream-java (1.4.11.1-1+deb10u2) buster-security; urgency=high |
1 | 13 | |
2 | 14 | * Team upload. |