-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 06 Feb 2020 18:19:21 +0100 Source: libxmlrpc3-java Binary: libxmlrpc3-common-java libxmlrpc3-client-java libxmlrpc3-server-java libxmlrpc3-java-doc Architecture: source all Version: 3.1.3-8+deb9u1 Distribution: stretch-security Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Markus Koschany <apo@debian.org> Description: libxmlrpc3-client-java - XML-RPC implementation in Java (client side) libxmlrpc3-common-java - XML-RPC implementation in Java libxmlrpc3-java-doc - XML-RPC implementation in Java (API documentation) libxmlrpc3-server-java - XML-RPC implementation in Java (server side) Closes: 949089 Changes: libxmlrpc3-java (3.1.3-8+deb9u1) stretch-security; urgency=high . * Team upload. * Fix CVE-2019-17570: An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target a XML-RPC client causing it to execute arbitrary code. . Clients that expect to get server-side exceptions need to set the enabledForExceptions property to true in order to process serialized exception messages. (Closes: #949089) Checksums-Sha1: af2747867aad06e9caf5c65b9bd3b1d9e207b687 2742 libxmlrpc3-java_3.1.3-8+deb9u1.dsc e2500160db7bd0f3c35aff2b99f5d0f5b2dc503f 170246 libxmlrpc3-java_3.1.3.orig.tar.gz 527c7897ba46906a52636d4783bf02eb6b20c173 8264 libxmlrpc3-java_3.1.3-8+deb9u1.debian.tar.xz 78564d8840d0b9e43fdf0b839249262067916e45 50884 libxmlrpc3-client-java_3.1.3-8+deb9u1_all.deb d0b107392e7308ea1820281d3050409c21cf41fd 94106 libxmlrpc3-common-java_3.1.3-8+deb9u1_all.deb c462070dce650fb0a32f880a110c5f830f0638e9 173098 libxmlrpc3-java-doc_3.1.3-8+deb9u1_all.deb aebc6feaece52330496e2983752cbbe5a9a333c9 16661 libxmlrpc3-java_3.1.3-8+deb9u1_amd64.buildinfo 7070a244a7e2bf0ec5f1dbbce9a4db46579fa359 73948 libxmlrpc3-server-java_3.1.3-8+deb9u1_all.deb Checksums-Sha256: 50d8d9f7c7a45700f150727fa2ce90ce207af5bd4ca482f555ccf1f16c2ce590 2742 libxmlrpc3-java_3.1.3-8+deb9u1.dsc 659671d30eed83ed28a79d448b0960e93c6cc42d371058a375ea6ecdd66e1ad6 170246 libxmlrpc3-java_3.1.3.orig.tar.gz 4b23c442cb69553719ff1f8472aef443df46955059e1084bab7e62001cda6fdf 8264 libxmlrpc3-java_3.1.3-8+deb9u1.debian.tar.xz d00962b7c7a4cd84b11361d421ff7d6a4b5826890feb6e2e96caace073622b5f 50884 libxmlrpc3-client-java_3.1.3-8+deb9u1_all.deb 359c170d0fedceface19bcce554b7e8bef53dd1fdcae43eaf3e16418fab05569 94106 libxmlrpc3-common-java_3.1.3-8+deb9u1_all.deb b11c8c4bcbd0f99c8391f8a3d54a9faa7a22208147f2e881a1738f4e305ad8fa 173098 libxmlrpc3-java-doc_3.1.3-8+deb9u1_all.deb 97cce35597d2da81286ff3c54131860e78f7c32c47f4200f5f334781b9bb9c85 16661 libxmlrpc3-java_3.1.3-8+deb9u1_amd64.buildinfo 59631d1f75ceeeeb3588b2f607a17b5863eec04c70b3c9daefb107c4caa4622c 73948 libxmlrpc3-server-java_3.1.3-8+deb9u1_all.deb Files: 68c7a644de4c149fcf560486f6f7970a 2742 java optional libxmlrpc3-java_3.1.3-8+deb9u1.dsc dc69f66876a8c75824b23766d7bf0d91 170246 java optional libxmlrpc3-java_3.1.3.orig.tar.gz febc2986120e42ea84b5ae1ad819b45b 8264 java optional libxmlrpc3-java_3.1.3-8+deb9u1.debian.tar.xz cc6e28a24f64a68e4095e3b13b1aa32d 50884 java optional libxmlrpc3-client-java_3.1.3-8+deb9u1_all.deb 2fd18b985625749fc5f177e9c99c3fdf 94106 java optional libxmlrpc3-common-java_3.1.3-8+deb9u1_all.deb 8b5c7a26d1e05af3a5912aa91c4cf065 173098 doc optional libxmlrpc3-java-doc_3.1.3-8+deb9u1_all.deb 867bcd6bb5772cc9455f6dd5c4e61a2a 16661 java optional libxmlrpc3-java_3.1.3-8+deb9u1_amd64.buildinfo e8e3a7adfc971f84c95aa433fae1ed52 73948 java optional libxmlrpc3-server-java_3.1.3-8+deb9u1_all.deb -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl48VRhfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkZkEP/3n4USHO9ha3v2H/slp6hCIIkLTd+aEGT+9L 35cbsUrK/Mf6YGubNoqDJO4/CtXR+otG/K/M2oZAoACsrN+9NendqarjiziB+/Uj s4P8MSEo5dTvoeyOosOFqhWVoR4LOwjdVQfPaNTwNY9rZqjNWhTd2swJNPRdrmWa 3kXl4OpZcRUC//I77CPeXbGJKg42eRa085CzldUT+UgWNCEy2fP2gB2P1nYhFC0R kYDmbYILhcxeZEWfHezbCqc20SLZIG7PYzIbxTWdzuO99KLqMoKAbSsXBIB2UuFM emMTvy59WeaaJa8WTQlXyWzvad/jQFEWfO6Ofl5H0CswiFI8qONVGn71XK5Z3mbK fWpng52gfYOz1pDQUaPFE9e/si6iwFyqGbGQJj/UV56vuV2t0yPtIxvThAXaSBAk /AceoOo79aKA2IAPZkZE+IthADzwFfvvzHr7wOZoVJAHZL2HG/Jz4jzsCHsBV3lt ROwVKN7tCuvc/LZ1YUlQEYICu1lfkBRKoqdQbwEbVmjglOoKSQsZ0vGnhpHC+CNu WkUCD0yX/kNLh+ktW/rcaFQnnV52mGD16abjo8Rw6a8vnAsvrHZ/eon3rXzscWXw ZEZBj3nGRKZLNS+EOAXO6EaJwOC98M024lyrRhTnJE94wQHJyCN0Ek6DS9mPHyNe It4nUKpT =/KXM -----END PGP SIGNATURE-----