Format: 1.8
Date: Sat, 21 Dec 2024 18:58:45 +0000
Source: libxstream-java
Architecture: source
Version: 1.4.15-3+deb11u3
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Closes: 1087274
Changes:
 libxstream-java (1.4.15-3+deb11u3) bullseye-security; urgency=medium
 .
   * Team upload by LTS team
   * Fix CVE-2021-43859: Denial of Service (DoS) by injecting
     highly recursive collections or maps.
     The vulnerability may allow a remote attacker to allocate
     100% CPU time on the target system depending on CPU type
     or parallel execution of such a payload resulting in a
     denial of service only by manipulating the processed
     input stream.
   * Fix CVE-2021-43859: This vulnerability may allow a remote
     attacker to terminate the application with a stack overflow
     error resulting in a denial of service only by manipulating
     the processed input stream when XStream is configured to use
     the BinaryStreamDriver (Closes: #1087274)