[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 930-1] libxstream-java security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : libxstream-java
Version        : 1.4.2-1+deb7u2
CVE ID         : CVE-2017-7957
Debian Bug     : #861521

It was discovered that there was a remote application crash vulnerability in
libxstream-java, a Java library to serialize objects to XML and back again.
This was due to mishandled attempts to create an instance of the primitive type
'void' during unmarshalling.

For Debian 7 "Wheezy", this issue has been fixed in libxstream-java version
1.4.2-1+deb7u2.

We recommend that you upgrade your libxstream-java packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlkG+IoACgkQHpU+J9Qx
HlhLQw/+Kyjbn3LE8EdvPGrn+ayJ3Z6LWs7neiavAGTRGnXpBPGgDfQUdTroGzFR
3NEmH2RvV+BWvMlkty8qhaCJYrF2wf98Do27dRL7NCDh5zRLt5BrJqo67M5Sdo0K
5AjQltvCOqEKNFbxceGFtmcfOgfAXwVhhTiPdHxzryZQqJ+vYPgyBlWS067Rxq8d
XmI+OPyDvuWhEmupxsr0nCxchYzGDp3/O9FOr5JHqB80lxdWIJvGQNDDi2w4myBS
YPcEkih7uNLWTj1I21jPU3lel8PMr0SMNIP0XecYHGNUUGiq0rZkGjtY1etggxxf
daLTxDWoXc+7FMB9kaLx390dkHIHc7xIsOBzcawq5oCK5FTDPqo7fBtqy1IEvAp2
vAYe2JcyEnSRsOeBaISuteuhTyTCdyAkbVbtRJW1ngkq6r9ojQGZ61rtxuUL8bjF
yx7ZlLaB+FTsZip8IJZZKsa6MYXUYgXBctEeWKPLEiSDJLKndhxq3YLNwXIT7+6f
kKj6pMD2Zsdb8GXvkTTZABfspnssgv4SEbEGQaxHhY//4RLXn0Pa1QG5YajqBDI/
25ZnuDu8sKUlKMur7zneBNTSv7oV4wUPoknnCYAg6tXYaf/+yPxkoJaW+F38Qp/c
ZkBPsQgXdHOajttzGNzi6K5uR+s9EMhwK4mA8IzALjKzPCEAEEk=
=ylHE
-----END PGP SIGNATURE-----


Reply to: