libxstream-java 1.4.11.1-1~18.04.2 source package in Ubuntu
Changelog
libxstream-java (1.4.11.1-1~18.04.2) bionic-security; urgency=medium
* Merge from Debian.
* SECURITY UPDATE: Arbitrary code execution.
- debian/patches/CVE-2021-21341-to-CVE-2021-21351.patch: The type
hierarchies for java.io.InputStream, java.nio.channels.Channel,
javax.activation.DataSource and javax.sql.rowsel.BaseRowSet are now
blacklisted as well as the individual types
com.sun.corba.se.impl.activation.ServerTableEntry,
com.sun.tools.javac.processing.JavacProcessingEnvironment$NameProcessIterator,
sun.awt.datatransfer.DataTransferer$IndexOrderComparator, and
sun.swing.SwingLazyValue. Additionally the internal type
Accessor$GetterSetterReflection of JAXB, the internal types
MethodGetter$PrivilegedGetter and ServiceFinder$ServiceNameIterator of
JAX-WS, all inner classes of javafx.collections.ObservableList and an
internal ClassLoader used in a private BCEL copy are now part of the
default blacklist and the deserialization of XML containing one of the two
types will fail. You will have to enable these types by explicit
configuration, if you need them.
- CVE-2021-21341
- CVE-2021-21342
- CVE-2021-21343
- CVE-2021-21344
- CVE-2021-21345
- CVE-2021-21346
- CVE-2021-21347
- CVE-2021-21348
- CVE-2021-21349
- CVE-2021-21350
- CVE-2021-21351
-- Eduardo Barretto <email address hidden> Wed, 28 Apr 2021 17:06:48 +0200
Upload details
- Uploaded by:
- Eduardo Barretto
- Uploaded to:
- Bionic
- Original maintainer:
- Debian Java Maintainers
- Architectures:
- all
- Section:
- java
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| libxstream-java_1.4.11.1.orig.tar.xz | 434.7 KiB | 24eb3173a9c4be2d30cdf7271336870c147e1bb0cee0bcc512d6198d7a12d038 |
| libxstream-java_1.4.11.1-1~18.04.2.debian.tar.xz | 12.0 KiB | 7677d237ea94b5acc3d492c9317e4b672f025da07aa013412af49912a490bc5c |
| libxstream-java_1.4.11.1-1~18.04.2.dsc | 2.4 KiB | 5fc0958af712c945f88aa971a92aa06640a390ef0bb660374277d24d1c0abd28 |
Available diffs
Binary packages built by this source
- libxstream-java: Java library to serialize objects to XML and back again
The features of the XStream library are:
.
- Ease of use. A high level facade is supplied that simplifies common
use cases.
- No mappings required. Most objects can be serialized without need
for specifying mappings.
- Performance. Speed and low memory footprint are a crucial part of
the design, making it suitable for large object graphs or systems
with high message throughput.
- Clean XML. No information is duplicated that can be obtained via
reflection. This results in XML that is easier to read for humans
and more compact than native Java serialization.
- Requires no modifications to objects. Serializes internal fields,
including private and final. Supports non-public and inner classes.
Classes are not required to have default constructor.
- Full object graph support. Duplicate references encountered in the
object-model will be maintained. Supports circular references.
- Integrates with other XML APIs. By implementing an interface,
XStream can serialize directly to/from any tree structure (not just
XML).
- Customizable conversion strategies. Strategies can be registered
allowing customization of how particular types are represented as
XML.
- Error messages. When an exception occurs due to malformed XML,
detailed diagnostics are provided to help isolate and fix the
problem.
- Alternative output format. The modular design allows other output
formats. XStream ships currently with JSON support and morphing.
