libxstream-java (1.4.15-1) unstable; urgency=medium * Team upload. * New upstream version 1.4.15. (Closes: #977624, #977625) - Fix CVE-2020-26258: A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host. - Fix CVE-2020-26259: XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights. Thanks to Salvatore Bonaccorso for the report. * Ignore dependency on libjaxws-java. -- Markus Koschany Fri, 18 Dec 2020 01:51:35 +0100 libxstream-java (1.4.14-1) unstable; urgency=medium * Team upload. * New upstream version 1.4.14. - Fix CVE-2020-26217: may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. * Switch to debhelper-compat = 13. * Declare compliance with Debian Policy 4.5.1. * Ignore org.apache.maven.plugins:maven-antrun-plugin:jar. -- Markus Koschany Thu, 19 Nov 2020 20:46:52 +0100 libxstream-java (1.4.11.1-2) unstable; urgency=medium * Removed the dependency on libstax-java * Standards-Version updated to 4.5.0 * Use salsa.debian.org Vcs-* URLs -- Emmanuel Bourg Sun, 05 Apr 2020 23:08:19 +0200 libxstream-java (1.4.11.1-1) unstable; urgency=medium * Team upload. * New upstream version 1.4.11.1. -- Markus Koschany Sun, 11 Nov 2018 00:04:59 +0100 libxstream-java (1.4.11-1) unstable; urgency=medium * Team upload. * New upstream version 1.4.11. * Switch to compat level 11. * Declare compliance with Debian Policy 4.2.1. * Build-depend on libjaxb-api-java to fix FTBFS with Java 11. (Closes: #912377) * Add a new maven rule for xpp3 to fix a FTBFS. * Remove Damien Raude-Morvan from Uploaders. (Closes: #889445) -- Markus Koschany Sat, 10 Nov 2018 22:56:01 +0100 libxstream-java (1.4.10-1) unstable; urgency=medium * New upstream release - Removed CVE-2017-7957.patch (fixed upstream) * Standards-Version updated to 3.9.8 * Switch to debhelper level 10 -- Emmanuel Bourg Tue, 20 Jun 2017 10:22:33 +0200 libxstream-java (1.4.9-2) unstable; urgency=medium * Fixed CVE-2017-7957: Attempts to create an instance of the primitive type 'void' during unmarshalling lead to a remote application crash. (Closes: #861521) -- Emmanuel Bourg Tue, 02 May 2017 16:52:35 +0200 libxstream-java (1.4.9-1) unstable; urgency=medium * New upstream release - Fixes CVE-2016-3674: XML External Entity vulnerability (Closes: #819455) - Ignore the new xstream-jmh module - Updated the Maven rules * No longer build the xstream-benchmark module (never used in Debian) * Build with maven-debian-helper * Depend on libcglib-nodep-java instead of libcglib3-java * Standards-Version updated to 3.9.7 (no changes) * Use secure Vcs-* fields * Updated the old references to codehaus.org -- Emmanuel Bourg Tue, 29 Mar 2016 12:05:49 +0200 libxstream-java (1.4.8-1) unstable; urgency=medium * New upstream release * Added a patch to compile with Java 7 * Moved the package to Git -- Emmanuel Bourg Wed, 29 Apr 2015 17:53:25 +0200 libxstream-java (1.4.7-2) unstable; urgency=medium * Depend on libcglib3-java instead of libcglib-java * Standards-Version updated to 3.9.6 (no changes) -- Emmanuel Bourg Mon, 29 Sep 2014 19:53:09 +0200 libxstream-java (1.4.7-1) unstable; urgency=low * New upstream release - Fixes CVE-2013-7285 (Closes: #734821) - Added a dependency on libjdom2-java * Standards-Version updated to 3.9.5 (no changes) * Use XZ compression for the upstream tarball * Build depend on debhelper >= 9 * debian/copyright: Updated to the Copyright Format 1.0 -- Emmanuel Bourg Wed, 12 Mar 2014 14:06:33 +0100 libxstream-java (1.4.4-1) unstable; urgency=low * New upstream release * Update Standards-Version: 3.9.4 (no changes) * Use canonical URLs for the Vcs-* fields * debian/rules: Improved the clean target to allow rebuilds -- Emmanuel Bourg Tue, 02 Jul 2013 22:38:00 +0200 libxstream-java (1.4.2-1) unstable; urgency=low [ tony mancill ] * Remove Michael Koch from Uploaders (Closes: #654106) * Update Standards-Version: 3.9.3. [ Damien Raude-Morvan ] * New upstream release (Closes: #655908) - Add Build-Depends on libstax-java, libwoodstox-java, libstax2-api-java and libkxml2-java (and Suggests). * Use maven-ant-helper for build: - Add Build-Depends on maven-ant-helper. - New debian/build.xml. - Drop patch on MANIFEST.MF update and use jh_manifest. - Add Build-Depends on javahelper. * Add myself as Uploader. -- Damien Raude-Morvan Mon, 28 May 2012 23:14:16 +0200 libxstream-java (1.3.1-7) unstable; urgency=low * Switch to source format 3.0. * Update Standards-Version: 3.9.1. -- Torsten Werner Thu, 18 Aug 2011 15:01:00 +0200 libxstream-java (1.3.1-6) unstable; urgency=low [ Onkar Shinde ] * debian/control - Add quilt build dependency. * debian/rules - Include patchsys-quilt.mk rule. * debian/patches/01_fix_classpath.diff - Add appropriate jar files in classpath using manifest attribute. (LP: #457660) * debian/patches/series - Create new and include the new patch added. * debian/README.source - Add to comply with policy. [ Michael Koch ] * Added myself to Uploaders. -- Michael Koch Wed, 04 Nov 2009 21:10:05 +0100 libxstream-java (1.3.1-5) unstable; urgency=low * Switch to default-jdk * Build-Depends: replace cglib2.1 with cglib (Closes: #550613) * Bump Standards-Version to 3.8.3 * Bump dh compat to 7 -- Varun Hiremath Thu, 15 Oct 2009 14:35:55 -0400 libxstream-java (1.3.1-4) unstable; urgency=low * Add missing dependencies to Depends and Suggests -- Ludovic Claude Fri, 14 Aug 2009 23:30:34 +0100 libxstream-java (1.3.1-3) unstable; urgency=low * Upload to unstable. -- Torsten Werner Sun, 09 Aug 2009 12:57:52 +0200 libxstream-java (1.3.1-2) experimental; urgency=low * Change section to java * Bump up Standards-Version to 3.8.2 * Add ${misc:Depends} to Depends to clear Lintian warnings * Remove Depends on Java runtimes as it is a library * Add the Maven POM to the package * Add a Build-Depends-Indep dependency on maven-repo-helper -- Ludovic Claude Tue, 28 Jul 2009 20:51:09 +0100 libxstream-java (1.3.1-1) unstable; urgency=low * New upstream release * Minor cleanups -- Torsten Werner Thu, 01 Jan 2009 01:20:34 +0100 libxstream-java (1.3-4) unstable; urgency=low * Fix java bytecode / java runtime version mismatch by setting -source and -target to 1.5 (Closes: #503789) -- Varun Hiremath Sat, 01 Nov 2008 11:41:26 -0400 libxstream-java (1.3-3) unstable; urgency=low * Really move package to main. -- Torsten Werner Mon, 11 Aug 2008 18:13:41 +0200 libxstream-java (1.3-2) unstable; urgency=low * Build package with OpenJDK now. * Move package to main. * Bump Standards-Version: 3.8.0 (no changes needed). -- Torsten Werner Mon, 11 Aug 2008 17:50:31 +0200 libxstream-java (1.3-1) unstable; urgency=low * New upstream release * Add myself to Uploaders * Bump Standards-Version to 3.7.3 * Remove patches/encoding.diff - not required -- Varun Hiremath Thu, 28 Feb 2008 15:30:34 +0530 libxstream-java (1.2.2-1) unstable; urgency=low * initial version (Closes: #453149) -- Torsten Werner Sat, 24 Nov 2007 00:01:40 +0100