A new upstream version is available: 4.5.8
A new upstream version 4.5.8 is available, you should consider packaging it.
9 security issues in sid
There are 9 open security issues in sid.
Please fix them.
9 important issues:
- CVE-2016-6345: RESTEasy allows remote authenticated users to obtain sensitive information by leveraging "insufficient use of random values" in async jobs.
- CVE-2016-6346: RESTEasy enables GZIPInterceptor, which allows remote attackers to cause a denial of service via unspecified vectors.
- CVE-2016-6347: Cross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2016-6348: JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion (XSSI) attack.
- CVE-2018-1051: It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via `Yaml.load()` in YamlProvider.
- CVE-2020-1695: A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.
- CVE-2020-25633: A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. It may allow client users to obtain the server's potentially sensitive information when the server got WebApplicationException from the RESTEasy client call. The highest threat from this vulnerability is to data confidentiality.
The package has not entered testing even though the delay is over
The package has not entered testing even though the 5-day delay is over.
Standards version of the package is outdated.
The package should be updated to follow the latest version of Debian Policy
(Standards-Version 4.5.0 instead of