Register | Log in

libxstream-java

Java library to serialize objects to XML and back again

Choose email to subscribe with

general

source: libxstream-java (main)
version: 1.4.15-3
maintainer: Debian Java Maintainers (archive) (DMD)
uploaders: Varun Hiremath [DMD] – Emmanuel Bourg [DMD] – Torsten Werner [DMD]
arch: all
std-ver: 4.5.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 1.4.9-2
old-sec: 1.4.11.1-1+deb9u2
stable: 1.4.11.1-1+deb10u2
stable-sec: 1.4.11.1-1+deb10u2
testing: 1.4.15-2
unstable: 1.4.15-3

versioned links

1.4.9-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.4.11.1-1+deb9u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.4.11.1-1+deb10u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.4.15-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.4.15-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libxstream-java

action needed

Problems while searching for a new upstream version high

uscan had problems while searching for a new upstream version:

In debian/watch no matching files for watch line
  https://github.com/x-stream/xstream/tags .*/archive/XSTREAM_([\d_]+).tar.gz

Created: 2021-03-21 Last update: 2021-06-22 20:34

1 security issue in stretch high

There is 1 open security issue in stretch.

1 important issue:

CVE-2021-29505: XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types is affected. The vulnerability is patched in version 1.4.17.

Created: 2021-05-30 Last update: 2021-06-18 12:00

12 security issues in buster high

There are 12 open security issues in buster.

12 important issues:

CVE-2021-21341: XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. No user is affected who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
CVE-2021-21342: XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on these type information. An attacker can manipulate the processed input stream and replace or inject objects, that result in a server-side forgery request. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
CVE-2021-21343: XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on these type information. An attacker can manipulate the processed input stream and replace or inject objects, that result in the deletion of a file on the local host. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
CVE-2021-21344: XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
CVE-2021-21345: XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
CVE-2021-21346: XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
CVE-2021-21347: XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
CVE-2021-21348: XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
CVE-2021-21349: XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
CVE-2021-21350: XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
CVE-2021-21351: XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
CVE-2021-29505: XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types is affected. The vulnerability is patched in version 1.4.17.

Created: 2021-03-24 Last update: 2021-06-18 12:00

1 security issue in bullseye high

There is 1 open security issue in bullseye.

1 important issue:

CVE-2021-29505: XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types is affected. The vulnerability is patched in version 1.4.17.

Created: 2021-05-30 Last update: 2021-06-18 12:00

lintian reports 1 warning normal

Lintian reports 1 warning about this package. You should make the package lintian clean getting rid of them.

Created: 2021-01-27 Last update: 2021-01-27 03:03

testing migrations

excuses:
- Migration status for libxstream-java (1.4.15-2 to 1.4.15-3): Will attempt migration (Any information below is purely informational)
- Additional info:
- Updating libxstream-java fixes old bugs: #989491
- Piuparts tested OK - https://piuparts.debian.org/sid/source/libx/libxstream-java.html
- Overriding age needed from 5 days to 5 by sramacher
- 5 days old (needed 5 days)
- Ignoring block request by freeze, due to unblock request by sramacher

news

[2021-06-18] Accepted libxstream-java 1.4.15-3 (source) into unstable (Hideki Yamane)
[2021-04-09] libxstream-java 1.4.15-2 MIGRATED to testing (Debian testing watch)
[2021-04-03] Accepted libxstream-java 1.4.15-2 (source) into unstable (Markus Koschany)
[2021-04-03] Accepted libxstream-java 1.4.11.1-1+deb9u2 (source) into oldstable (Markus Koschany)
[2021-01-09] Accepted libxstream-java 1.4.11.1-1+deb10u2 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Markus Koschany)
[2021-01-07] Accepted libxstream-java 1.4.11.1-1+deb10u2 (source) into stable->embargoed, stable (Debian FTP Masters) (signed by: Markus Koschany)
[2020-12-31] Accepted libxstream-java 1.4.11.1-1+deb9u1 (source) into oldstable (Markus Koschany)
[2020-12-24] libxstream-java 1.4.15-1 MIGRATED to testing (Debian testing watch)
[2020-12-20] Accepted libxstream-java 1.4.11.1-1+deb10u1 (source all) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Markus Koschany)
[2020-12-18] Accepted libxstream-java 1.4.15-1 (source) into unstable (Markus Koschany)
[2020-12-15] Accepted libxstream-java 1.4.11.1-1+deb10u1 (source all) into stable->embargoed, stable (Debian FTP Masters) (signed by: Markus Koschany)
[2020-12-01] Accepted libxstream-java 1.4.9-2+deb9u1 (source) into oldstable (Markus Koschany)
[2020-11-25] libxstream-java 1.4.14-1 MIGRATED to testing (Debian testing watch)
[2020-11-19] Accepted libxstream-java 1.4.14-1 (source) into unstable (Markus Koschany)
[2020-04-11] libxstream-java 1.4.11.1-2 MIGRATED to testing (Debian testing watch)
[2020-04-05] Accepted libxstream-java 1.4.11.1-2 (source) into unstable (Emmanuel Bourg)
[2018-11-16] libxstream-java 1.4.11.1-1 MIGRATED to testing (Debian testing watch)
[2018-11-10] Accepted libxstream-java 1.4.11.1-1 (source) into unstable (Markus Koschany)
[2018-11-10] Accepted libxstream-java 1.4.11-1 (source) into unstable (Markus Koschany)
[2017-06-25] libxstream-java 1.4.10-1 MIGRATED to testing (Debian testing watch)
[2017-06-20] Accepted libxstream-java 1.4.10-1 (source) into unstable (Emmanuel Bourg)
[2017-05-27] Accepted libxstream-java 1.4.7-2+deb8u2 (source all) into proposed-updates->stable-new, proposed-updates (Emmanuel Bourg)
[2017-05-21] libxstream-java 1.4.9-2 MIGRATED to testing (Debian testing watch)
[2017-05-02] Accepted libxstream-java 1.4.9-2 (source) into unstable (Emmanuel Bourg)
[2017-05-01] Accepted libxstream-java 1.4.2-1+deb7u2 (source all) into oldstable (Chris Lamb)
[2016-06-08] Accepted libxstream-java 1.4.2-1+deb7u1 (source all) into oldstable (signed by: Markus Koschany)
[2016-05-18] Accepted libxstream-java 1.4.7-2+deb8u1 (source all) into proposed-updates->stable-new, proposed-updates (Emmanuel Bourg)
[2016-04-04] libxstream-java 1.4.9-1 MIGRATED to testing (Debian testing watch)
[2016-03-29] Accepted libxstream-java 1.4.9-1 (source all) into unstable (Emmanuel Bourg)
[2015-05-05] libxstream-java 1.4.8-1 MIGRATED to testing (Britney)

1
2

bugs [bug history graph]

all: 0

links

homepage
lintian (0, 1)
buildd: logs, clang, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.4.15-3

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing