GNU bug report logs - #47342
java-xstream@1.4.15 is vulnerable to CVE-2021-21341, CVE-2021-21342, CVE-2021-21343, CVE-2021-21344, CVE-2021-21345, CVE-2021-21346, CVE-2021-21347, CVE-2021-21348, CVE-2021-21349, CVE-2021-21350 and CVE-2021-21351

Previous Next

Package: guix;

Reported by: Léo Le Bouter <lle-bout <at> zaclys.net>

Date: Tue, 23 Mar 2021 14:34:02 UTC

Severity: normal

Tags: security

Done: Julien Lepiller <julien <at> lepiller.eu>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Leo Famulari <leo <at> famulari.name>
To: 47342 <at> debbugs.gnu.org
Cc: lle-bout <at> zaclys.net, roptat <at> lepiller.eu
Subject: bug#47342: [PATCH 2/2] gnu: java-xstream: Update to 1.4.16 [security fixes].
Date: Tue, 23 Mar 2021 13:33:45 -0400

On Tue, Mar 23, 2021 at 03:38:40PM +0100, Léo Le Bouter via Bug reports for GNU Guix wrote:
> Fixes CVE-2021-21341, CVE-2021-21342, CVE-2021-21343, CVE-2021-21344,
> CVE-2021-21345, CVE-2021-21346, CVE-2021-21347, CVE-2021-21348,
> CVE-2021-21349, CVE-2021-21350 and CVE-2021-21351.
> 
> * gnu/packages/xml.scm (java-xstream): Update to 1.4.16.
> [inputs]: Replace java-xpp3 with java-mxparser, the latter being a fork of the
> former made by upstream.

Thanks for the patch!

Pinging Julien...

This bug report was last modified 4 years and 121 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #47342 java-xstream@1.4.15 is vulnerable to CVE-2021-21341, CVE-2021-21342, CVE-2021-21343, CVE-2021-21344, CVE-2021-21345, CVE-2021-21346, CVE-2021-21347, CVE-2021-21348, CVE-2021-21349, CVE-2021-21350 and CVE-2021-21351

GNU bug report logs - #47342
java-xstream@1.4.15 is vulnerable to CVE-2021-21341, CVE-2021-21342, CVE-2021-21343, CVE-2021-21344, CVE-2021-21345, CVE-2021-21346, CVE-2021-21347, CVE-2021-21348, CVE-2021-21349, CVE-2021-21350 and CVE-2021-21351