-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 15 Nov 2024 23:58:53 +0100 Source: libxstream-java Architecture: source Version: 1.4.21-1 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Pierre Gruet <pgt@debian.org> Closes: 1087274 Changes: libxstream-java (1.4.21-1) unstable; urgency=medium . * Team upload * New upstream version 1.4.21: - Fixes CVE-2024-47072 (Closes: #1087274) This vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the BinaryStreamDriver. * Refreshing patches Checksums-Sha1: 141009c6b9f359c80ffdf9bdced5e4fe993bf1b8 2343 libxstream-java_1.4.21-1.dsc cff4e0d75b0ed4d4aa637d59d0dfba30e59bf354 484588 libxstream-java_1.4.21.orig.tar.xz ae5e57a198d8b88a1a5fc6de4867d539e2220424 18676 libxstream-java_1.4.21-1.debian.tar.xz 6e9d1ee5156a2aa3c02daa221cdf3476640327a3 17751 libxstream-java_1.4.21-1_source.buildinfo Checksums-Sha256: 37b0ab680922af192f5ff3c4c35124a412901e1bb34db2aaae82463a21a8b978 2343 libxstream-java_1.4.21-1.dsc fbafcc79f0b666c92e2fb879629eb0634e8b3bdac411bf03c1d5deb435e7d3b5 484588 libxstream-java_1.4.21.orig.tar.xz e6d4b093b1ecb0fd3a120447be7a9d3dbf0bae40ae9472f2c60fb46c990e9f71 18676 libxstream-java_1.4.21-1.debian.tar.xz dd9cd203811683d490646e8ab36b7cd8cc60f5df49ea4e2cfd09e04f78bc6ac4 17751 libxstream-java_1.4.21-1_source.buildinfo Files: 07dc6d87c73441870ffb67e6772d6986 2343 java optional libxstream-java_1.4.21-1.dsc 8e42eee7f046c8b4f0c3e2832b851259 484588 java optional libxstream-java_1.4.21.orig.tar.xz 320712e73dda3e1cd21537e916d44141 18676 java optional libxstream-java_1.4.21-1.debian.tar.xz 12552efe77c3eb121ad10cdd28ddf88a 17751 java optional libxstream-java_1.4.21-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEM8soQxPpC9J9y0UjYAMWptwndHYFAmc30ssACgkQYAMWptwn dHZRZQ//Tp81wj0EYzp0lK4DV587/qzK6G20yIC+2jXoR/AKFMPYUE6crSyAEecy //9RNCoQ2o7VnPYWM1R9H8S241PKDqTVoDVHasnWeUr7AbvJR9S3uNlXUjRuibjo sgeKyYTv8104eU/SZ6RS+sYmRSdIu/WfxC0JTQUhtohvLgrMenYqWNLDva3enKU1 X9sSk+QCtmUSKpaOr6Es5MP4tkSUpO1SHadnTqQCsxJNBJI50fJwTIFWqQW7xn5m OBNi/mAPms/akbhAk2RvWYdg7AN9yEFT64wawgSgZf7DphmVha8m63LKq9AZueyl q5yiDqzQ48q+Zvp2DhLW/skvvc2aW3qc+NYxndd/ZRPEwu42v8dEOOxRgX5zK9NL QbO4RwQjrQvpz15xTBwFiYG0ebHYwT3kx7W0KS5dR/gKqSNuI2afp+m9xvyr8nju lEKgVDnnykiDYRoQBRfCF5x+ePXmSBO62Nn1stmtZkot8SkaWpbg1lCNMj4O1hHA hbzhbKrddhv8LeSmzikMWzO4L3mKZzSX7x7n5cxO5LLw1hBNB9YIIvagq2IYtl99 kCKAfOD7GLOyY1f15LPLoVYMnQgrPL1QNSmfTcWW8jbBzLrI1cjDO95jdegcxLxq rMlfOUGgnquEXSAFnhjykBlij5sDhuBtm+oSf/E13GceoFLZ7Oc= =1wfB -----END PGP SIGNATURE-----
