[SECURITY] [DLA 930-1] libxstream-java security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package : libxstream-java
Version : 1.4.2-1+deb7u2
CVE ID : CVE-2017-7957
Debian Bug : #861521
It was discovered that there was a remote application crash vulnerability in
libxstream-java, a Java library to serialize objects to XML and back again.
This was due to mishandled attempts to create an instance of the primitive type
'void' during unmarshalling.
For Debian 7 "Wheezy", this issue has been fixed in libxstream-java version
1.4.2-1+deb7u2.
We recommend that you upgrade your libxstream-java packages.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` lamby@debian.org / chris-lamb.co.uk
`-
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlkG+IoACgkQHpU+J9Qx
HlhLQw/+Kyjbn3LE8EdvPGrn+ayJ3Z6LWs7neiavAGTRGnXpBPGgDfQUdTroGzFR
3NEmH2RvV+BWvMlkty8qhaCJYrF2wf98Do27dRL7NCDh5zRLt5BrJqo67M5Sdo0K
5AjQltvCOqEKNFbxceGFtmcfOgfAXwVhhTiPdHxzryZQqJ+vYPgyBlWS067Rxq8d
XmI+OPyDvuWhEmupxsr0nCxchYzGDp3/O9FOr5JHqB80lxdWIJvGQNDDi2w4myBS
YPcEkih7uNLWTj1I21jPU3lel8PMr0SMNIP0XecYHGNUUGiq0rZkGjtY1etggxxf
daLTxDWoXc+7FMB9kaLx390dkHIHc7xIsOBzcawq5oCK5FTDPqo7fBtqy1IEvAp2
vAYe2JcyEnSRsOeBaISuteuhTyTCdyAkbVbtRJW1ngkq6r9ojQGZ61rtxuUL8bjF
yx7ZlLaB+FTsZip8IJZZKsa6MYXUYgXBctEeWKPLEiSDJLKndhxq3YLNwXIT7+6f
kKj6pMD2Zsdb8GXvkTTZABfspnssgv4SEbEGQaxHhY//4RLXn0Pa1QG5YajqBDI/
25ZnuDu8sKUlKMur7zneBNTSv7oV4wUPoknnCYAg6tXYaf/+yPxkoJaW+F38Qp/c
ZkBPsQgXdHOajttzGNzi6K5uR+s9EMhwK4mA8IzALjKzPCEAEEk=
=ylHE
-----END PGP SIGNATURE-----
Reply to: