[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Accepted libxstream-java 1.4.15-3+deb11u3 (source) into oldstable-security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 21 Dec 2024 18:58:45 +0000
Source: libxstream-java
Architecture: source
Version: 1.4.15-3+deb11u3
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Closes: 1087274
Changes:
 libxstream-java (1.4.15-3+deb11u3) bullseye-security; urgency=medium
 .
   * Team upload by LTS team
   * Fix CVE-2021-43859: Denial of Service (DoS) by injecting
     highly recursive collections or maps. The vulnerability
     may allow a remote attacker to allocate 100% CPU time
     on the target system depending on CPU type or parallel
     execution of such a payload resulting in a denial of
     service only by manipulating the processed input stream.
   * Fix CVE-2021-43859: This vulnerability may allow a remote
     attacker to terminate the application with a stack
     overflow error resulting in a denial of service only by
     manipulating the processed input stream when XStream
     is configured to use the BinaryStreamDriver
     (Closes:  #1087274)
Checksums-Sha1:
 0e952039d60b9978f211d005c37b8e2fd33c5a0d 2429 libxstream-java_1.4.15-3+deb11u3.dsc
 8267825391de4a4557308186cecfadc22d21c4d5 452396 libxstream-java_1.4.15.orig.tar.xz
 1c1cc69ac1d05369e7982dc8d9e0754373e0979f 17340 libxstream-java_1.4.15-3+deb11u3.debian.tar.xz
 54fdad70e40d7b2b1cf51bcdcbb5a4deba6e1bf9 16948 libxstream-java_1.4.15-3+deb11u3_amd64.buildinfo
Checksums-Sha256:
 9110079aadb72b2a2c671d5ab6ede45e27c0d45794173f30b7733a83437ef0cd 2429 libxstream-java_1.4.15-3+deb11u3.dsc
 f905ff9b5d3b7c25914b263903a295d682b476e33d36af7e04a0bee304ad2040 452396 libxstream-java_1.4.15.orig.tar.xz
 26a77150b34709ae4ef54742a0b42bee957797e6b1774673b47094d2886cb42e 17340 libxstream-java_1.4.15-3+deb11u3.debian.tar.xz
 92f4ffd964e251728796b539451d141c85eeff786f4363974685d278bdbcc8c4 16948 libxstream-java_1.4.15-3+deb11u3_amd64.buildinfo
Files:
 e0e1d3f6357fd1edf0c390286bb1a9ea 2429 java optional libxstream-java_1.4.15-3+deb11u3.dsc
 323ce40bd51667f31247316f07e14b16 452396 java optional libxstream-java_1.4.15.orig.tar.xz
 8317c5771f5f25d50888d8b8d8c7148d 17340 java optional libxstream-java_1.4.15-3+deb11u3.debian.tar.xz
 325c028034c7b21d87c9116ff68b2e88 16948 java optional libxstream-java_1.4.15-3+deb11u3_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJFBAEBCgAvFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmdnLjIRHHJvdWNhQGRl
Ymlhbi5vcmcACgkQADoaLapBCF9ZUBAAmpBP4DSA34p9p2nFFtqsolJX2Vh8twSB
iquKvD219WTpR4e0ye6YqRKUMthzChLs3V37wZqLe6Daih+F3cbUeRPlNqM21WKP
tQykCLk7743uU4Vcu4noArLXTNqrl6dbIiuFreWaDwKrcOTI/D1oSFzt7GmpDScR
hEfBF0cNHKBqu8OVgEXcV9/DZlrvrbNUVlT9MWEEodgEyoKeNodXm+pqaPwVRCkn
tnGA19dhH1kv+QOzKXsF9RWvvGdhV/UmH/xzT+iRHJr9imwnWN3LtT5rdcgWSBZc
I2hshuz23MhMc/rTPUsjTgNk1+1W1wNW2I8ddpl9gRrWOYEzeP2y8eM/Rw91Afdt
zM35K1W1lsCE1reOc0Uw0F/cuPLW6r+EqW6NV3NznWjfDn+5GA6iue+0Voc2AIbc
FwapFiwMWCEp3eww0QravMqFp5g6rKkoO8x/vCSdA40a6uAkvwMpNy9OkdqF6EmU
0ECa+kUlR3EeBgZXNAn4say4/tLNR84kOAXI6TrRQasHN8T8OFBMqhaqXzaoBNFN
m6opPPBreL1ogozE4ABMrz01HwyAK1A6h2Znx0DLGvUtVTCrtqj3veHp/ds4Nsgy
lkaER4KoB5ZKhYYdIUmYTmLvSM9CbXKZVU+4EveDMt7MDeVuv6lvwgj6IhwStlsL
q7628n0pLL4=
=XXxL
-----END PGP SIGNATURE-----

Attachment: pgpFy9pnXiPhV.pgp
Description: PGP signature

Reply to: