[SECURITY] [DLA 2078-1] libxmlrpc3-java security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package : libxmlrpc3-java
Version : 3.1.3-7+deb8u1
CVE ID : CVE-2019-17570
Debian Bug : 949089
An untrusted deserialization was found in the
org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache
XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target
a XML-RPC client causing it to execute arbitrary code.
Clients that expect to get server-side exceptions need to set the
enabledForExceptions property to true in order to process serialized
exception messages again.
For Debian 8 "Jessie", this problem has been fixed in version
3.1.3-7+deb8u1.
We recommend that you upgrade your libxmlrpc3-java packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl4zBNVfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeSJuRAAwy4O0ra3IfTvMnZJp7tjpLsR5LOAf9Br5b7+/pBbQvFjP1dO4xxWGInV
TPvX6fbheP7RbqYk9K74JEzxeIEXEAf1i6rzV2+vkcH6IoN379N9CRUyDfSz7A0I
c6abZ1/FVmAT3F2Y9onJrCBkmKAr5MQq0/aufBXl/tpDBQWs92nF/tPOSZaRQjPC
YShDYpdH1+lJZxfn1+rjCSoQpArXkeHnA5s0kHxhzr3FqFfdv+0Xze+W3FkOK9yZ
Q2efsoq2CRrJLJqZ6E6V9FggpSvbbvqN5VpQYU7L/9jxtRUewt6KB8uL4Yy76OJS
+7xuZFkRRjhviyC60yEo+Q+If7F9OHvXpieeKLhtwk679nVrXUkZTQqgp9kxmxWR
LRZovwmCLsZbDpepmEJFYOtDobvLYfuRg8JSovvVu5VfnGJKJLpKmJs9pBzO+o6L
83KxYHzTYIQlALOMjm+5FDPM1qdaWgd9580trcFl57g0e0nIYMSI0O/71fIVyd/d
zz1IVgfTmYRYHdMSXMAC00BSVlgNTHZYWenoNoNSuTU0X0l0H7Q46ydv8iSSn0QL
tH3QoBU7vL0Hn/2OF8VWPqjLqNayrjxDMgEuyckbp5rNuFWcoLoBjAMy1cG73XN4
ZemKvCmWpvgVFtme45Jdw4E5Kaf5JFSpax0cCysOaWH/2dvM4R4=
=uPeY
-----END PGP SIGNATURE-----
Reply to: