Register | Log in

libxstream-java

Java library to serialize objects to XML and back again

Choose email to subscribe with

general

source: libxstream-java (main)
version: 1.4.18-2
maintainer: Debian Java Maintainers (archive) (DMD)
uploaders: Varun Hiremath [DMD] – Emmanuel Bourg [DMD] – Torsten Werner [DMD]
arch: all
std-ver: 4.6.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.4.9-2
o-o-sec: 1.4.11.1-1+deb9u5
oldstable: 1.4.11.1-1+deb10u2
old-sec: 1.4.11.1-1+deb10u3
stable: 1.4.15-3+deb11u1
stable-sec: 1.4.15-3+deb11u1
testing: 1.4.18-2
unstable: 1.4.18-2

versioned links

1.4.9-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.4.11.1-1+deb9u5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.4.11.1-1+deb10u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.4.11.1-1+deb10u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.4.15-3+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.4.18-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libxstream-java

action needed

A new upstream version is available: 1.4.19 high

A new upstream version 1.4.19 is available, you should consider packaging it.

Created: 2022-01-30 Last update: 2022-05-24 03:32

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2021-43859: XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. XStream 1.4.19 monitors and accumulates the time it takes to add elements to collections and throws an exception if a set threshold is exceeded. Users are advised to upgrade as soon as possible. Users unable to upgrade may set the NO_REFERENCE mode to prevent recursion. See GHSA-rmr5-cpv2-vgjf for further details on a workaround if an upgrade is not possible.

Created: 2022-02-08 Last update: 2022-03-26 17:38

1 security issue in buster high

There is 1 open security issue in buster.

1 important issue:

CVE-2021-43859: XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. XStream 1.4.19 monitors and accumulates the time it takes to add elements to collections and throws an exception if a set threshold is exceeded. Users are advised to upgrade as soon as possible. Users unable to upgrade may set the NO_REFERENCE mode to prevent recursion. See GHSA-rmr5-cpv2-vgjf for further details on a workaround if an upgrade is not possible.

Created: 2022-02-08 Last update: 2022-03-26 17:38

1 security issue in bullseye high

There is 1 open security issue in bullseye.

1 important issue:

CVE-2021-43859: XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. XStream 1.4.19 monitors and accumulates the time it takes to add elements to collections and throws an exception if a set threshold is exceeded. Users are advised to upgrade as soon as possible. Users unable to upgrade may set the NO_REFERENCE mode to prevent recursion. See GHSA-rmr5-cpv2-vgjf for further details on a workaround if an upgrade is not possible.

Created: 2022-02-08 Last update: 2022-03-26 17:38

1 security issue in bookworm high

There is 1 open security issue in bookworm.

1 important issue:

CVE-2021-43859: XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. XStream 1.4.19 monitors and accumulates the time it takes to add elements to collections and throws an exception if a set threshold is exceeded. Users are advised to upgrade as soon as possible. Users unable to upgrade may set the NO_REFERENCE mode to prevent recursion. See GHSA-rmr5-cpv2-vgjf for further details on a workaround if an upgrade is not possible.

Created: 2022-02-08 Last update: 2022-03-26 17:38

lintian reports 1 warning normal

Lintian reports 1 warning about this package. You should make the package lintian clean getting rid of them.

Created: 2021-10-13 Last update: 2021-10-13 21:33

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.1 instead of 4.6.0).

Created: 2022-05-11 Last update: 2022-05-11 23:25

news

[2022-02-15] Accepted libxstream-java 1.4.11.1-1+deb9u5 (source all) into oldoldstable (Chris Lamb)
[2021-11-19] Accepted libxstream-java 1.4.11.1-1+deb10u3 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Debian FTP Masters) (signed by: Markus Koschany)
[2021-11-15] Accepted libxstream-java 1.4.15-3+deb11u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Markus Koschany)
[2021-11-10] Accepted libxstream-java 1.4.15-3+deb11u1 (source) into stable-security->embargoed, stable-security (Debian FTP Masters) (signed by: Markus Koschany)
[2021-11-10] Accepted libxstream-java 1.4.11.1-1+deb10u3 (source) into oldstable->embargoed, oldstable (Debian FTP Masters) (signed by: Markus Koschany)
[2021-10-03] libxstream-java 1.4.18-2 MIGRATED to testing (Debian testing watch)
[2021-09-29] Accepted libxstream-java 1.4.11.1-1+deb9u4 (source) into oldoldstable (Markus Koschany)
[2021-09-27] Accepted libxstream-java 1.4.18-2 (source) into unstable (Markus Koschany)
[2021-09-02] libxstream-java 1.4.18-1 MIGRATED to testing (Debian testing watch)
[2021-08-27] Accepted libxstream-java 1.4.18-1 (source) into unstable (Markus Koschany)
[2021-08-16] libxstream-java 1.4.15-4 MIGRATED to testing (Debian testing watch)
[2021-07-05] Accepted libxstream-java 1.4.11.1-1+deb9u3 (source) into oldstable (Sylvain Beucler)
[2021-07-01] Accepted libxstream-java 1.4.15-4 (source) into unstable (Hideki Yamane)
[2021-06-23] libxstream-java 1.4.15-3 MIGRATED to testing (Debian testing watch)
[2021-06-18] Accepted libxstream-java 1.4.15-3 (source) into unstable (Hideki Yamane)
[2021-04-09] libxstream-java 1.4.15-2 MIGRATED to testing (Debian testing watch)
[2021-04-03] Accepted libxstream-java 1.4.15-2 (source) into unstable (Markus Koschany)
[2021-04-03] Accepted libxstream-java 1.4.11.1-1+deb9u2 (source) into oldstable (Markus Koschany)
[2021-01-09] Accepted libxstream-java 1.4.11.1-1+deb10u2 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Markus Koschany)
[2021-01-07] Accepted libxstream-java 1.4.11.1-1+deb10u2 (source) into stable->embargoed, stable (Debian FTP Masters) (signed by: Markus Koschany)
[2020-12-31] Accepted libxstream-java 1.4.11.1-1+deb9u1 (source) into oldstable (Markus Koschany)
[2020-12-24] libxstream-java 1.4.15-1 MIGRATED to testing (Debian testing watch)
[2020-12-20] Accepted libxstream-java 1.4.11.1-1+deb10u1 (source all) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Markus Koschany)
[2020-12-18] Accepted libxstream-java 1.4.15-1 (source) into unstable (Markus Koschany)
[2020-12-15] Accepted libxstream-java 1.4.11.1-1+deb10u1 (source all) into stable->embargoed, stable (Debian FTP Masters) (signed by: Markus Koschany)
[2020-12-01] Accepted libxstream-java 1.4.9-2+deb9u1 (source) into oldstable (Markus Koschany)
[2020-11-25] libxstream-java 1.4.14-1 MIGRATED to testing (Debian testing watch)
[2020-11-19] Accepted libxstream-java 1.4.14-1 (source) into unstable (Markus Koschany)
[2020-04-11] libxstream-java 1.4.11.1-2 MIGRATED to testing (Debian testing watch)
[2020-04-05] Accepted libxstream-java 1.4.11.1-2 (source) into unstable (Emmanuel Bourg)

1
2

bugs [bug history graph]

all: 0

links

homepage
lintian (0, 1)
buildd: logs, clang, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.4.18-2
1 bug

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing