Publishing details
Changelog
libxmlrpc3-java (3.1.3-9+deb10u1build0.18.04.1) bionic-security; urgency=medium
* fake sync from Debian
libxmlrpc3-java (3.1.3-9+deb10u1) buster-security; urgency=high
* Team upload.
* Fix CVE-2019-17570:
An untrusted deserialization was found in the
org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache
XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target a
XML-RPC client causing it to execute arbitrary code.
Clients that expect to get server-side exceptions need to set the
enabledForExceptions property to true in order to process serialized
exception messages. (Closes: #949089)
-- Eduardo Barretto <email address hidden> Mon, 14 Sep 2020 10:26:53 -0300
Builds
Built packages
-
libxmlrpc3-client-java
XML-RPC implementation in Java (client side)
-
libxmlrpc3-common-java
XML-RPC implementation in Java
-
libxmlrpc3-java-doc
XML-RPC implementation in Java (API documentation)
-
libxmlrpc3-server-java
XML-RPC implementation in Java (server side)
Package files