Tags: security upstream
the following vulnerability was published for libxstream-java.
remote code execution via deserialization in XStream
See also  for the original report.  contains an initial patch
which was commited.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
Please adjust the affected versions in the BTS as needed.
This is the maintainer address of Debian's Java team
debian-j...@lists.debian.org for discussions and questions.