[SECURITY] [DLA 4001-1] libxstream-java security update

To: <[email protected]>
Subject: [SECURITY] [DLA 4001-1] libxstream-java security update
From: [email protected]
Date: Sat, 21 Dec 2024 22:07:38 +0000
Message-id: <[🔎] [email protected]>
Mail-followup-to: [email protected]
Reply-to: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4001-1                [email protected]
https://www.debian.org/lts/security/                   Bastien RoucariÃ¨s
December 21, 2024                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : libxstream-java
Version        : 1.4.15-3+deb11u3
CVE ID         : CVE-2021-43859 CVE-2024-47072
Debian Bug     : 1087274

XStream is a simple java library to serialize objects to XML
and back again. Two vulnerabilities were fixed:

CVE-2021-43859:

  XStream can cause a Denial of Service (DoS) by injecting highly
  recursive collections or maps 

CVE-2024-47072

  XStream was vulnerable to a Denial of Service attack due
  to stack overflow from a manipulated binary input stream 

For Debian 11 bullseye, this problem has been fixed in version
1.4.15-3+deb11u3.

We recommend that you upgrade your libxstream-java packages.

For the detailed security status of libxstream-java please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libxstream-java

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmdnPCoACgkQADoaLapB
CF8owQ//VZXyF4cbOBpAJotZWZ1muoja/t3TiDI8/A39x9Ws6996oP2dxq7N2cTA
JAagQwZJ3m4DgGlhywthj3FnLhuKWJRH/DYLWDGZKBPWU1oAVzBRwuDdOG/o4yHH
DJuyh36U2t6VYNK56DGbpoSt5pJF+QNJuYSt/gIom1ZbR7pnpyaiUSYgwE10xrR6
oz0ssWMjONvFTVyyjpr7LQj1g3nxgg32RhMhG9ovc+0qvKYh5fanOwV5qRyDzBi2
NB+NGIONMDzWdDRcRZC8pMypc7pojsM+nqItFkkUJfONa5aq3wnotoBRR/J92HFv
3UmpFc/ejj+XtL6lq/Ler0p6LDoOlJgymuSTLUd88AnVWVZShaY8OsXDus8h+yKj
lY5WJpCgkCNnyznYtoegan2gLyAlxSYzd3bOqVRtHG2y+Gve7Vge5I6fO1xfqgfT
jnI3obj6yCsfcvXPRf/vKvPXp05WtNoNOumNjFUn0er7+ovmzkHFfCKqu+mA8meH
2pDur6TLeRRt2QoSnIsUEI38uhPv5aqTah0N7N0TnqZ6uTYENxmuyJxw4Yya129G
L+aCHVwXtWnp3c68BvIYCUyk/ytqCiFbkoJWFHhHsCgojjaUwkGEL/VCCLM8LH1g
Z+iR6xzJWQ0QfJUbcDv4x2wztHwp55feL9p+3sAhTq2ymkuzTTA=
=cW3Q
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 4000-1] sqlparse security update
Next by Date: [SECURITY] [DLA 4002-1] intel-microcode security update
Previous by thread: [SECURITY] [DLA 4000-1] sqlparse security update
Next by thread: [SECURITY] [DLA 4002-1] intel-microcode security update
Index(es):
- Date
- Thread

	
		OSZAR »