Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

xstream-parent-1.4.16-lp152.2.6.1 RPM for noarch

From OpenSuSE Leap 15.2 updates for noarch

Name: xstream-parent Distribution: openSUSE Leap 15.2
Version: 1.4.16 Vendor: openSUSE
Release: lp152.2.6.1 Build date: Wed Jun 2 18:12:25 2021
Group: Development/Libraries/Java Build host: build78
Size: 39693 Source RPM: xstream-1.4.16-lp152.2.6.1.src.rpm
Packager: http://bugs.opensuse.org
Url: https://x-stream.github.io/
Summary: Parent POM for xstream
Parent POM for xstream.

Provides

Requires

License

BSD-3-Clause

Changelog

* Thu Apr 15 2021 Fridrich Strba <fstrba@suse.com>
  - Upgrade to 1.4.16
    * Security fixes:
      + bsc#1184796, CVE-2021-21351: remote attacker to load and
      execute arbitrary code
      + bsc#1184797, CVE-2021-21349: SSRF can lead to a remote
      attacker to request data from internal resources
      + bsc#1184380, CVE-2021-21350: arbitrary code execution
      + bsc#1184374, CVE-2021-21348: remote attacker could cause
      denial of service by consuming maximum CPU time
      + bsc#1184378, CVE-2021-21347: remote attacker to load and
      execute arbitrary code from a remote host
      + bsc#1184375, CVE-2021-21344: remote attacker could load and
      execute arbitrary code from a remote host
      + bsc#1184379, CVE-2021-21342: server-side forgery
      + bsc#1184377, CVE-2021-21341: remote attacker could cause a
      denial of service by allocating 100% CPU time
      + bsc#1184373, CVE-2021-21346: remote attacker could load and
      execute arbitrary code
      + bsc#1184372, CVE-2021-21345: remote attacker with sufficient
      rights could execute commands
      + bsc#1184376, CVE-2021-21343: replace or inject objects, that
      result in the deletion of files on the local host
  - Add patch:
    * Revert-MXParser-changes.patch
      + revert changes that would force us to add new dependency
* Mon Jan 18 2021 Fridrich Strba <fstrba@suse.com>
  - Upgrade to 1.4.15
    * fixes bsc#1180146, CVE-2020-26258 and bsc#1180145,
      CVE-2020-26259
* Mon Jan 18 2021 Fridrich Strba <fstrba@suse.com>
  - Upgrade to 1.4.14
    * fixes bsc#1180994, CVE-2020-26217
  - Remove patches:
    * 0001-Prevent-deserialization-of-void.patch
    * xstream-1.4.9-javadoc.patch
      + integrated in upstream sources
* Tue Jun 04 2019 Fridrich Strba <fstrba@suse.com>
  - Initial packaging of xstream 1.4.9

Files

/usr/share/maven-metadata/xstream-xstream-parent.xml
/usr/share/maven-poms/xstream
/usr/share/maven-poms/xstream/xstream-parent.pom


Generated by rpm2html 1.8.1

Fabrice Bellet, Sat Nov 27 23:25:36 2021