-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 31 Dec 2020 14:15:35 +0100
Source: libxstream-java
Architecture: source
Version: 1.4.11.1-1+deb10u2
Distribution: buster-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Changes:
 libxstream-java (1.4.11.1-1+deb10u2) buster-security; urgency=high
 .
   * Team upload.
   * Fix CVE-2020-26258:
     XStream is vulnerable to a Server-Side Forgery Request which can be
     activated when unmarshalling. The vulnerability may allow a remote
     attacker to request data from internal resources that are not publicly
     available only by manipulating the processed input stream.
   * Fix CVE-2020-26259:
     Xstream is vulnerable to an Arbitrary File Deletion on the local host
     when unmarshalling. The vulnerability may allow a remote attacker to
     delete arbitrary known files on the host as long as the executing
     process has sufficient rights only by manipulating the processed input
     stream.
Checksums-Sha1:
 de4bf90a01a1fded61955776c68c71189b5d7802 2591 libxstream-java_1.4.11.1-1+deb10u2.dsc
 82a343682d868dbaeccac133d4fd7417af773213 11140 libxstream-java_1.4.11.1-1+deb10u2.debian.tar.xz
 a3ee8843236ef9054d66e3dc92f0dda7597e3fae 16341 libxstream-java_1.4.11.1-1+deb10u2_amd64.buildinfo
Checksums-Sha256:
 6c8ff9c70eded5a4d051f18fc18d53b02941010b1a2d6a24511cbdd556a1bca8 2591 libxstream-java_1.4.11.1-1+deb10u2.dsc
 416f144df987d9b8f241d9f5639cd8f7698eeb69b62cc2d6396a3ef189088543 11140 libxstream-java_1.4.11.1-1+deb10u2.debian.tar.xz
 27bdaf3afac8f99f9fff1d328dbd9b7cc84d5ebdfa7032f4db78b66901b08a87 16341 libxstream-java_1.4.11.1-1+deb10u2_amd64.buildinfo
Files:
 49440f63293cb30cf45897e45e0daef7 2591 java optional libxstream-java_1.4.11.1-1+deb10u2.dsc
 576da1441ae932b78e6b733bb1aba4c9 11140 java optional libxstream-java_1.4.11.1-1+deb10u2.debian.tar.xz
 ca5476e5320636f14d1f8fd3a23dd8ac 16341 java optional libxstream-java_1.4.11.1-1+deb10u2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----