Publishing details

Published on 2020-09-14
Copied from ubuntu bionic in PPA for Ubuntu Security Proposed by Eduardo Barretto

Changelog

libxmlrpc3-java (3.1.3-9+deb10u1build0.18.04.1) bionic-security; urgency=medium

  * fake sync from Debian

libxmlrpc3-java (3.1.3-9+deb10u1) buster-security; urgency=high

  * Team upload.
  * Fix CVE-2019-17570:
    An untrusted deserialization was found in the
    org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache
    XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target a
    XML-RPC client causing it to execute arbitrary code.

    Clients that expect to get server-side exceptions need to set the
    enabledForExceptions property to true in order to process serialized
    exception messages. (Closes: #949089)

 -- Eduardo Barretto <email address hidden>  Mon, 14 Sep 2020 10:26:53 -0300

Available diffs

diff from 3.1.3-9 (in Debian) to 3.1.3-9+deb10u1build0.18.04.1 (1.4 KiB)

Builds

amd64

Built packages

libxmlrpc3-client-java XML-RPC implementation in Java (client side)

libxmlrpc3-common-java XML-RPC implementation in Java

libxmlrpc3-java-doc XML-RPC implementation in Java (API documentation)

libxmlrpc3-server-java XML-RPC implementation in Java (server side)

Package files

libxmlrpc3-client-java_3.1.3-9+deb10u1build0.18.04.1_all.deb (48.9 KiB)
libxmlrpc3-common-java_3.1.3-9+deb10u1build0.18.04.1_all.deb (93.0 KiB)
libxmlrpc3-java-doc_3.1.3-9+deb10u1build0.18.04.1_all.deb (396.0 KiB)
libxmlrpc3-java_3.1.3-9+deb10u1build0.18.04.1.debian.tar.xz (8.5 KiB)
libxmlrpc3-java_3.1.3-9+deb10u1build0.18.04.1.dsc (2.6 KiB)
libxmlrpc3-java_3.1.3.orig.tar.gz (166.3 KiB)
libxmlrpc3-server-java_3.1.3-9+deb10u1build0.18.04.1_all.deb (71.2 KiB)