-------------------------------------------------------------------------
Debian LTS Advisory DLA-4001-1                          [email protected]
https://www.debian.org/lts/security/                    Bastien Roucariès
December 21, 2024                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : libxstream-java
Version        : 1.4.15-3+deb11u3
CVE ID         : CVE-2021-43859 CVE-2024-47072
Debian Bug     : 1087274

XStream is a simple Java library to serialize objects to XML and back again.

Two vulnerabilities were fixed:

CVE-2021-43859

    A Denial of Service (DoS) can be caused in XStream by injecting
    highly recursive collections or maps.

CVE-2024-47072

    XStream was vulnerable to a Denial of Service attack due to a stack
    overflow from a manipulated binary input stream.

For Debian 11 bullseye, these problems have been fixed in version
1.4.15-3+deb11u3.

We recommend that you upgrade your libxstream-java packages.

For the detailed security status of libxstream-java please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libxstream-java

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
