-
libjettison-java (1.5.3-1ubuntu0.1) lunar-security; urgency=medium
* SECURITY UPDATE: Denial of Service
- debian/patches/CVE-2023-1436.patch: fixed a stack overflow in JSONArray
function.
- CVE-2023-1436
-- Amir Naseredini <email address hidden> Tue, 20 Jun 2023 09:25:08 +0100
-
libjettison-java (1.5.3-1) unstable; urgency=high
* Team upload.
* New upstream version 1.5.3.
- Fix CVE-2022-40150, CVE-2022-45685, CVE-2022-45693:
denial of service via stack overflow / out of memory
(Closes: #1022553)
* Declare compliance with Debian Policy 4.6.2.
-- Markus Koschany <email address hidden> Sat, 31 Dec 2022 11:18:53 +0100
-
libjettison-java (1.5.1-1) unstable; urgency=medium
* Team upload.
* New upstream version 1.5.1.
* Fix CVE-2022-40149:
It was discovered that libjettison-java, a collection of StAX parsers and
writers for JSON, was vulnerable to a denial-of-service attack, if the
attacker provided untrusted XML or JSON data. (Closes: #1022554)
-- Markus Koschany <email address hidden> Thu, 10 Nov 2022 01:09:07 +0100
-
libjettison-java (1.4.1-1) unstable; urgency=medium
* Team upload.
* New upstream release
* Standards-Version updated to 4.5.1
* Switch to debhelper level 13
* Use salsa.debian.org Vcs-* URLs
-- Emmanuel Bourg <email address hidden> Mon, 18 Jan 2021 00:14:42 +0100