Package: libxstream-java
Severity: grave
Tags: security upstream


the following vulnerability was published for libxstream-java.

remote code execution via deserialization in XStream

See also [1] for the original report. [3] contains an initial patch
which was commited.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:


Please adjust the affected versions in the BTS as needed.


This is the maintainer address of Debian's Java team
Please use for discussions and questions.

Reply via email to