Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted libjettison-java 1.4.0-1+deb10u1 (source) into oldstable
Date: Thu, 10 Nov 2022 00:00:21 +0000
Signed by: Markus Koschany <apo@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 10 Nov 2022 00:46:44 CET
Source: libjettison-java
Architecture: source
Version: 1.4.0-1+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
 17e9de0429970cc1b3ddf27a3eb9e415b5760126 2284 libjettison-java_1.4.0-1+deb10u1.dsc
 d045a60915f2dbd7af3df94580b0dabf47f9b20b 51596 libjettison-java_1.4.0.orig.tar.xz
 4d472ebb0182b22109663a9d4d8a6939144c7c64 3776 libjettison-java_1.4.0-1+deb10u1.debian.tar.xz
 579fa1db99bdc0b385ba25df5c456654b6b8db40 13562 libjettison-java_1.4.0-1+deb10u1_amd64.buildinfo
Checksums-Sha256:
 af44025cfacc4bb8e3ea50a42f24e699d0681e2f4a888dc4b50be7ea82c3db2a 2284 libjettison-java_1.4.0-1+deb10u1.dsc
 f4324cedd04d0b2ec92225f7f56e1d6a8f780f6da77a35123075995d4af7cecf 51596 libjettison-java_1.4.0.orig.tar.xz
 ae8c75d84cab29bbf9de35477c852b4515647ea4b3d8ddd2a4392288c60c6f75 3776 libjettison-java_1.4.0-1+deb10u1.debian.tar.xz
 30eab4c1e93cc6c4d357b59bc7f4564c35425443f34114e61c44adad8a80f42a 13562 libjettison-java_1.4.0-1+deb10u1_amd64.buildinfo
Changes:
 libjettison-java (1.4.0-1+deb10u1) buster-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2022-40149:
     It was discovered that libjettison-java, a collection of StAX parsers and
     writers for JSON, was vulnerable to a denial-of-service attack, if the
     attacker provided untrusted XML or JSON data.
Files:
 4ff37ae390f11f66a7396b6daddcdcee 2284 java optional libjettison-java_1.4.0-1+deb10u1.dsc
 23b2c0dcbbd2228604f85b78f6314b3a 51596 java optional libjettison-java_1.4.0.orig.tar.xz
 01ed85cc619a7a29e77c90b24f11eaf3 3776 java optional libjettison-java_1.4.0-1+deb10u1.debian.tar.xz
 70b94d926137074a74b5a9dfcd1e03d8 13562 java optional libjettison-java_1.4.0-1+deb10u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmNsO+hfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HklcYP/0QOunRDRlLX5Y8P2lB7jK+MqZnf54DjRUjm
NhGmwyQVjP8nouSd4a/yxVf6X+6JugO7Ej2kM4Z3Iur88nYd3WGPT4y8kYKJFnpw
t2bUtUPvOqaDYwrzf1sLRNkzP1yMjFSHfd+CHVSY4GFiFeyfS1YYMqBFMNbQrAPF
GkP0MId1sgCD5vQ7ymqknnhrPItM4pMstgnOpBnnPHJK0Roxg1HQX/5gQW7h5K3P
qZJMqYB4GTVhLEAH4WO7TUfD2DCkMvFLt5jbsOCDT01mo2y5e6xdgFqsCxSEUjZz
ukvWNr6gtw1nwVLJlgtUsjDV9Z1QBpYk1JZI0pF2uVs5ZJQ6zLP6xKfm3TCGaWvY
91ENb0nVhpma4aksUoDOJZdriZstBzz4iSlQmdXmqeScm6Y2fJVj65v4JgCpmopZ
VyvzDfN2rP+RowplTCz2LQfnO/xu6sKrSLw8ECmAKgmfIXWCDnFG0kW4CLgX/Lrc
bYanORFaOEiotQ0U2+viqlBe7atMbeI5nmHuxNcJuZMnjy7zae7it/iJx4BP70pa
6vfHHEjoIB1/ZRhKmRE78UCOGip4BgoJJ6nsJjaY6D/tsNv0MhNwxqBz0E2dRrkz
VUJ1urPqHEc+duIQJ0f5e6qayyBQx9P6FvVIMV2aPh0luCIE34kh2JstMqabLdzr
KhI2qMDm
=z5fT
-----END PGP SIGNATURE-----

News for package libjettison-java