libxstream-java 1.4.11.1-1ubuntu0.1 source package in Ubuntu

Changelog

libxstream-java (1.4.11.1-1ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: Command Injection Vulnerability
    - debian/patches/CVE-2020-26217.patch: New predefined blacklist avoids
      vulnerability due to improper setup and update security vulnerability
      test to test default.
    - debian/patches/CVE-2020-26259.patch: Fix arbitrary File Deletion on the
      local host.
    - CVE-2020-26217
    - CVE-2020-26259
  * SECURITY UPDATE: Server-Side Request Forgery Vulnerability
    - debian/patches/CVE-2020-26258.patch: Fix access data streams from an
      arbitrary URL.
    - CVE-2020-26258
  * Add a new maven rule to fix FTBFS.
    - debian/maven.ignoreRules: Add com.sun.xml.ws jaxws-rt.

 -- Paulo Flabiano Smorigo <email address hidden>  Wed, 27 Jan 2021 12:57:43 +0000

Upload details

Uploaded by: Paulo Flabiano Smorigo
Uploaded to: Focal
Original maintainer: Ubuntu Developers
Architectures: all
Section: java
Urgency: Medium Urgency

Builds

Focal: [FULLYBUILT] amd64

Downloads

File Size SHA-256 Checksum
libxstream-java_1.4.11.1.orig.tar.xz 434.7 KiB 24eb3173a9c4be2d30cdf7271336870c147e1bb0cee0bcc512d6198d7a12d038
libxstream-java_1.4.11.1-1ubuntu0.1.debian.tar.xz 10.7 KiB b7806569914611e8abbd448e2fe8443e05b909a86b09e134dee5a5b25a881588
libxstream-java_1.4.11.1-1ubuntu0.1.dsc 2.5 KiB c4eb092f4c897c1a306f737027359700eb07dcf958db6c514251e462109bfc7a

Binary packages built by this source

libxstream-java: Java library to serialize objects to XML and back again

 The features of the XStream library are:
  - Ease of use. A high level facade is supplied that simplifies common
    use cases.
  - No mappings required. Most objects can be serialized without need
    for specifying mappings.
  - Performance. Speed and low memory footprint are a crucial part of
    the design, making it suitable for large object graphs or systems
    with high message throughput.
  - Clean XML. No information is duplicated that can be obtained via
    reflection. This results in XML that is easier to read for humans
    and more compact than native Java serialization.
  - Requires no modifications to objects. Serializes internal fields,
    including private and final. Supports non-public and inner classes.
    Classes are not required to have default constructor.
  - Full object graph support. Duplicate references encountered in the
    object-model will be maintained. Supports circular references.
  - Integrates with other XML APIs. By implementing an interface,
    XStream can serialize directly to/from any tree structure (not just
    XML).
  - Customizable conversion strategies. Strategies can be registered
    allowing customization of how particular types are represented as
    XML.
  - Error messages. When an exception occurs due to malformed XML,
    detailed diagnostics are provided to help isolate and fix the
    problem.
  - Alternative output format. The modular design allows other output
    formats. XStream ships currently with JSON support and morphing.