Format: 1.8
Date: Fri, 18 Dec 2020 01:51:35 +0100
Source: libxstream-java
Architecture: source
Version: 1.4.15-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Closes: 977624 977625
Changes:
 libxstream-java (1.4.15-1) unstable; urgency=medium
 .
   * Team upload.
   * New upstream version 1.4.15. (Closes: #977624, #977625)
     - Fix CVE-2020-26258: A Server-Side Forgery Request can be activated
       unmarshalling with XStream to access data streams from an arbitrary
       URL referencing a resource in an intranet or the local host.
     - Fix CVE-2020-26259: XStream is vulnerable to an Arbitrary File
       Deletion on the local host when unmarshalling as long as the
       executing process has sufficient rights.
     Thanks to Salvatore Bonaccorso for the report.
   * Ignore dependency on libjaxws-java.