[ubuntu/focal-security] libxstream-java 1.4.11.1-1ubuntu0.1 (Accepted)
Paulo Flabiano Smorigo
pfsmorigo at canonical.com
Thu Jan 28 19:07:50 UTC 2021
libxstream-java (1.4.11.1-1ubuntu0.1) focal-security; urgency=medium
* SECURITY UPDATE: Command Injection Vulnerability
- debian/patches/CVE-2020-26217.patch: New predefined blacklist avoids
vulnerability due to improper setup and update security vulnerability
test to test default.
- debian/patches/CVE-2020-26259.patch: Fix arbitrary File Deletion on the
local host.
- CVE-2020-26217
- CVE-2020-26259
* SECURITY UPDATE: Server-Side Request Forgery Vulnerability
- debian/patches/CVE-2020-26258.patch: Fix access data streams from an
arbitrary URL.
- CVE-2020-26258
* Add a new maven rule to fix FTBFS.
- debian/maven.ignoreRules: Add com.sun.xml.ws jaxws-rt.
Date: 2021-01-28 14:51:09.224605+00:00
Changed-By: Paulo Flabiano Smorigo <pfsmorigo at canonical.com>
https://launchpad.net/ubuntu/+source/libxstream-java/1.4.11.1-1ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Focal-changes
mailing list