Format: 1.8
Date: Thu, 30 Jan 2020 14:30:39 +0100
Source: libxmlrpc3-java
Binary: libxmlrpc3-common-java libxmlrpc3-client-java libxmlrpc3-server-java libxmlrpc3-java-doc
Architecture: source all
Version: 3.1.3-7+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libxmlrpc3-client-java - XML-RPC implementation in Java (client side)
 libxmlrpc3-common-java - XML-RPC implementation in Java
 libxmlrpc3-java-doc - XML-RPC implementation in Java (API documentation)
 libxmlrpc3-server-java - XML-RPC implementation in Java (server side)
Changes:
 libxmlrpc3-java (3.1.3-7+deb8u1) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2019-17570: An untrusted deserialization was found in the
     org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache
     XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target
     a XML-RPC client causing it to execute arbitrary code.
 .
     Clients that expect to get server-side exceptions need to set the
     enabledForExceptions property to true in order to process serialized
     exception messages.