** Patch added: "lp1780844-x.debdiff" https://bugs.launchpad.net/ubuntu/+source/libxstream-java/+bug/1780844/+attachment/5161571/+files/lp1780844-x.debdiff
https://bugs.launchpad.net/bugs/1780844

Title:
  CVE-2017-7957: XStream through 1.4.9 mishandles attempts to create an instance of the primitive type 'void'

Status in libxstream-java package in Ubuntu:
  Fix Released
Status in libxstream-java source package in Trusty:
  In Progress
Status in libxstream-java source package in Xenial:
  In Progress
Status in libxstream-java source package in Artful:
  Fix Released
Status in libxstream-java source package in Bionic:
  Fix Released
Status in libxstream-java source package in Cosmic:
  Fix Released

Bug description:
  [impact]

  XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML("<void/>") call.

  [test case]

  self-test for failure is provided as part of the upstream commit

  [regression potential]

  regressions could include failing to parse the stream.

  [other info]

  http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7957.html
  https://x-stream.github.io/CVE-2017-7957.html
  https://github.com/x-stream/xstream/commit/b3570be
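
The denyTypes workaround named in the impact section, applied to an application that must keep running on an unpatched XStream: an added example, not part of the bug report, the debdiff or the upstream commit. The class and method names (`VoidDenyExample`, `hardened`, `parseUntrusted`) are hypothetical; `denyTypes` and `XStreamException` are XStream's own API, and the XStream jar with its default XML driver is assumed to be on the classpath.

```java
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.XStreamException;

public class VoidDenyExample {

    // Build an XStream instance with the workaround applied once, at
    // construction time, so every caller shares the same restriction.
    static XStream hardened() {
        XStream xstream = new XStream();
        // Refuse the primitive 'void' and its wrapper at type-resolution
        // time, before any converter is asked to instantiate them.
        xstream.denyTypes(new Class[] { void.class, Void.class });
        return xstream;
    }

    // Unmarshal untrusted XML; a denied or unconvertible type becomes a
    // handled rejection (null) instead of an error that escapes the caller.
    static Object parseUntrusted(XStream xstream, String xml) {
        try {
            return xstream.fromXML(xml);
        } catch (XStreamException e) {
            // ForbiddenClassException (denied type) and ConversionException
            // (the behaviour of fixed releases) both extend XStreamException.
            System.err.println("rejected input: " + e.getClass().getName());
            return null;
        }
    }

    public static void main(String[] args) {
        XStream xstream = hardened();
        // Constructed sample inputs: the element from the bug description
        // and an ordinary value that must still parse after the change.
        System.out.println(parseUntrusted(xstream, "<void/>"));
        System.out.println(parseUntrusted(xstream, "<string>ok</string>"));
    }
}
```

Running the second input after the first covers the regression concern in the report: the restriction should reject only the `void` types and leave normal parsing intact.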

