-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 22 Dec 2024 10:12:11 +0000 Source: libxstream-java Architecture: source Version: 1.4.20-1+deb12u1 Distribution: bookworm Urgency: medium Maintainer: Debian Java Maintainers Changed-By: Bastien Roucariès Closes: 1087274 Changes: libxstream-java (1.4.20-1+deb12u1) bookworm; urgency=medium . * Team upload * Fix CVE-2024-47072: XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream. (Closes: #1087274) Checksums-Sha1: 101b17a73b3fd32dbc816a50f78a50910906e9b0 2429 libxstream-java_1.4.20-1+deb12u1.dsc 6fe52860ba907e0b2e1cd5978bbe492797a1dad5 478604 libxstream-java_1.4.20.orig.tar.xz 0a7ff0d6f69bc21f436ffe5466a789e1ca707fc6 19112 libxstream-java_1.4.20-1+deb12u1.debian.tar.xz 2efead3c9e5d920b0cbeb6f168410a893c432c76 17750 libxstream-java_1.4.20-1+deb12u1_amd64.buildinfo Checksums-Sha256: 87109b8afdcdacff7a93033041d0652e7f026eb0f04a6d5ad7d94e967da9504a 2429 libxstream-java_1.4.20-1+deb12u1.dsc 79985cf8b48d63947f2958f76a4e0825320004ac5984347b47c4aec384ca3bd3 478604 libxstream-java_1.4.20.orig.tar.xz ec3817a1daf2d1c97f95b83d63b5573468e25e40dfe1b837e960211a7d120838 19112 libxstream-java_1.4.20-1+deb12u1.debian.tar.xz 4b49372e9375b6cb07980a7f27c31c3ae70e3c5cd954f8ea4e15e92cc4a5b294 17750 libxstream-java_1.4.20-1+deb12u1_amd64.buildinfo Files: dac7cc6e1452c01ef6d11f79c9dc4a33 2429 java optional libxstream-java_1.4.20-1+deb12u1.dsc ee2f67ebf748cc711cf9c4707ff00773 478604 java optional libxstream-java_1.4.20.orig.tar.xz 7cc02dca64e17bc2e17f162d101ad614 19112 java optional libxstream-java_1.4.20-1+deb12u1.debian.tar.xz fcd4042ef929aa747958c1d3b509dd1e 17750 java optional libxstream-java_1.4.20-1+deb12u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQJFBAEBCgAvFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmd5QwIRHHJvdWNhQGRl Ymlhbi5vcmcACgkQADoaLapBCF/twRAAqlE6BajL5+zxyixOD+kGqF7QO1qcdT3l TURGZoKSGuovnUWnm9De44n2OLm1uJI8RfCemO5ZoaKI/tHA6Q05fnQStwWzXSHg lbrgu+1bIsSnsui0PsjDf7Eh1u6wX5EYhjAHuGezwZKjDXHQVTsMJ0bcHwNMcIG0 KrrD1sidmKYGXEWrMequ83UAiegqFR3Nv8RpsOk30GnnmfjbVavMzYA95FJGRmr1 zXG0ntgdWdSZGcg3RKd2Ruupq9Bsn1QRwKL79++XbKJr1D+oG6/0C5GdwKGCEfEF pZ9FreP3XyeG92S3CSfo4dWeidlHRaIljJKajXPz8Z6BN5jFeW8+AVItbaCaiIFc Q6avjM37Q4saDWL7tIJh1j/f0PuI00xzwDva2/TqDbtyDy6RlWQmzuOAjBGDjFX7 hOsxkIVwrVCIQSdJUJfvIVxGTmqlOnJFRD6/4rxJ1v4QG9Qct/NWI0wD614PC4d/ ckwhvP2Rhzi5lk4lIlmSSFvFIwq8lGHHGZ78omijeAdwRm5XwoVj4v3eH2vag95l p18xtHiZuYVxqSWVmyaEnAR96/g7uHffoxmB6VRO7QdKNyZSj/dnWGlLvDjB5eOJ jKizxny02eEX7l9Plrov/ac5bs5XQfaU5ILczTOnWMYdvRN0D6vhCR1HGfIJGFeF NRrVNdUwbHg= =DiZo -----END PGP SIGNATURE-----