Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.5:Update
xstream.19902
xstream.changes
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File xstream.changes of Package xstream.19902
------------------------------------------------------------------- Mon May 31 07:59:25 UTC 2021 - Fridrich Strba <fstrba@suse.com> - Upgrade to 1.4.17 * Security fix: * bsc#1186651, CVE-2021-29505: potential code execution when unmarshalling with XStream instances using an uninitialized security framework ------------------------------------------------------------------- Thu Apr 15 14:31:31 UTC 2021 - Fridrich Strba <fstrba@suse.com> - Upgrade to 1.4.16 * Security fixes: + bsc#1184796, CVE-2021-21351: remote attacker to load and execute arbitrary code + bsc#1184797, CVE-2021-21349: SSRF can lead to a remote attacker to request data from internal resources + bsc#1184380, CVE-2021-21350: arbitrary code execution + bsc#1184374, CVE-2021-21348: remote attacker could cause denial of service by consuming maximum CPU time + bsc#1184378, CVE-2021-21347: remote attacker to load and execute arbitrary code from a remote host + bsc#1184375, CVE-2021-21344: remote attacker could load and execute arbitrary code from a remote host + bsc#1184379, CVE-2021-21342: server-side forgery + bsc#1184377, CVE-2021-21341: remote attacker could cause a denial of service by allocating 100% CPU time + bsc#1184373, CVE-2021-21346: remote attacker could load and execute arbitrary code + bsc#1184372, CVE-2021-21345: remote attacker with sufficient rights could execute commands + bsc#1184376, CVE-2021-21343: replace or inject objects, that result in the deletion of files on the local host - Add patch: * Revert-MXParser-changes.patch + revert changes that would force us to add new dependency ------------------------------------------------------------------- Tue Mar 9 16:16:01 UTC 2021 - Johannes Renner <jrenner@suse.com> - Upgrade to 1.4.15 * fixes bsc#1180146, CVE-2020-26258 and bsc#1180145, CVE-2020-26259 - Upgrade to 1.4.14 * fixes bsc#1180994, CVE-2020-26217 - Update xstream to 1.4.15~susemanager Removed: * xstream_1_4_10-jdk11.patch * xstream_1_4_10-buildsh-sle12.patch * build.sh ------------------------------------------------------------------- Tue Mar 5 15:43:30 UTC 2019 - Frantisek Kobzik <fkobzik@suse.com> - Update xstream to 1.4.10 Added: * xstream_1_4_10-jdk11.patch * xstream_1_4_10-buildsh-sle12.patch * xstream-XSTREAM_1_4_10.tar.gz Removed: * 0001-Prevent-deserialization-of-void.patch * xstream-XSTREAM_1_4_9.tar.gz * xstream-XSTREAM_1_4_9-jdk11.patch - Major changes: - New XStream artifact with -java7 appended as version suffix for a library explicitly without the Java 8 stuff (lambda expression support, converters for java.time.* package). - Fix PrimitiveTypePermission to reject type void to prevent CVE-2017-7957 with an initialized security framework. - Improve performance by minimizing call stack of mapper chain. - XSTR-774: Add converters for types of java.time, java.time.chrono, and java.time.temporal packages (converters for LocalDate, LocalDateTime, LocalTime, OffsetDateTime, and ZonedDateTime by Matej Cimbora). - JavaBeanConverter does not respect ignored unknown elements. - Add XStream.setupDefaultSecurity to initialize security framework with defaults of XStream 1.5.x. - Emit error warning if security framework has not been initialized and the XStream instance is vulnerable to known exploits. ------------------------------------------------------------------- Tue Feb 5 17:29:18 UTC 2019 - michele.bologna@suse.com - Feat: modify patch to be compatible with JDK 11 building Added: * xstream-XSTREAM_1_4_9-jdk11.patch Removed: * xstream-XSTREAM_1_4_9-jdk9.patch ------------------------------------------------------------------- Tue Dec 11 15:27:00 UTC 2018 - moio@suse.com - fixes for SLE 15 compatibility ------------------------------------------------------------------- Fri Dec 1 13:22:06 UTC 2017 - mc@suse.com - fix possible Denial of Service when unmarshalling void. (CVE-2017-7957, bsc#1070731) Added: * 0001-Prevent-deserialization-of-void.patch ------------------------------------------------------------------- Tue Nov 7 14:04:11 UTC 2017 - jgonzalez@suse.com - Fix build for JDK9 - Disable javadoc generation (broken for SLE15 and Tumbleweed) - Add: * xstream-XSTREAM_1_4_9-jdk9.patch - Changed: * build.sh ------------------------------------------------------------------- Tue Apr 5 21:17:09 UTC 2016 - moio@suse.com - Require building on Java 8, otherwise the LambdaMapper class is skipped (issue 30) ------------------------------------------------------------------- Tue Mar 29 12:50:05 UTC 2016 - moio@suse.com - Upgrade to version 1.4.9, which fixes CVE-2016-3674 (bsc#972950) ------------------------------------------------------------------- Tue Nov 10 07:25:59 UTC 2015 - moio@suse.com - Initial version
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor