libxstream-java source package in Ubuntu


libxstream-java ( groovy-security; urgency=medium

  * Merge from Debian
  * SECURITY UPDATE: Command Injection Vulnerability
    - debian/patches/CVE-2020-26217.patch: New predefined blacklist avoids
      vulnerability due to improper setup and update security vulnerability
      test to test default.
    - debian/patches/CVE-2020-26259.patch: Fix arbitrary File Deletion on the
      local host.
    - CVE-2020-26217
    - CVE-2020-26259
  * SECURITY UPDATE: Server-Side Request Forgery Vulnerability
    - debian/patches/CVE-2020-26258.patch: Fix access data streams from an
      arbitrary URL.
    - CVE-2020-26258
  * SECURITY UPDATE: Arbitrary code execution.
    - debian/patches/CVE-2021-21341-to-CVE-2021-21351.patch: The type
    hierarchies for, java.nio.channels.Channel,
    javax.activation.DataSource and javax.sql.rowsel.BaseRowSet are now
    blacklisted as well as the individual types,$NameProcessIterator,
    sun.awt.datatransfer.DataTransferer$IndexOrderComparator, and
    sun.swing.SwingLazyValue. Additionally the internal type
    Accessor$GetterSetterReflection of JAXB, the internal types
    MethodGetter$PrivilegedGetter and ServiceFinder$ServiceNameIterator of
    JAX-WS, all inner classes of javafx.collections.ObservableList and an
    internal ClassLoader used in a private BCEL copy are now part of the
    default blacklist and the deserialization of XML containing one of the two
    types will fail. You will have to enable these types by explicit
    configuration, if you need them.
    - CVE-2021-21341
    - CVE-2021-21342
    - CVE-2021-21343
    - CVE-2021-21344
    - CVE-2021-21345
    - CVE-2021-21346
    - CVE-2021-21347
    - CVE-2021-21348
    - CVE-2021-21349
    - CVE-2021-21350
    - CVE-2021-21351
  * Add a new maven rule to fix FTBFS.
    - debian/maven.ignoreRules: Add jaxws-rt.

 -- Eduardo Barretto <email address hidden>  Thu, 29 Apr 2021 11:59:58 +0200

Upload details

Uploaded by:
Eduardo Barretto
Uploaded to:
Original maintainer:
Ubuntu Developers
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section


Groovy: [FULLYBUILT] amd64


File Size SHA-256 Checksum
libxstream-java_1.4.11.1.orig.tar.xz 434.7 KiB 24eb3173a9c4be2d30cdf7271336870c147e1bb0cee0bcc512d6198d7a12d038
libxstream-java_1.4.11.1-2ubuntu0.1.debian.tar.xz 12.3 KiB ee7628dfb781350943715cb51825ffda9e2d010dc6f5efcfdf90d80c890d1185
libxstream-java_1.4.11.1-2ubuntu0.1.dsc 2.4 KiB c9bfe1b2f8da39ae51a5368f7e35cdf6d3f21a792056b86a3f82e38a6100abca

View changes file

Binary packages built by this source

libxstream-java: No summary available for libxstream-java in ubuntu groovy.

No description available for libxstream-java in ubuntu groovy.