UbuntuUpdates.org

Package "libxstream-java"

Name: libxstream-java

Description:

Java library to serialize objects to XML and back again

Latest version: 1.4.8-1ubuntu0.1
Release: xenial (16.04)
Level: updates
Repository: universe
Homepage: http://xstream.codehaus.org

Links


Download "libxstream-java"


Other versions of "libxstream-java" in Xenial

Repository Area Version
base universe 1.4.8-1
security universe 1.4.8-1ubuntu0.1

Changelog

Version: 1.4.8-1ubuntu0.1 2018-07-20 01:07:20 UTC

  libxstream-java (1.4.8-1ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: handle void type class (LP: #1780844)
    - d/p/CVE-2017-7957.patch: Prevent deserialization of void.
    - CVE-2017-7957

 -- Dan Streetman <email address hidden> Mon, 09 Jul 2018 15:21:51 -0400

1780844 CVE-2017-7957: XStream through 1.4.9 mishandles attempts to create an instance of the primitive type 'void'
CVE-2017-7957 XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during



About   -   Send Feedback to @ubuntu_updates