group.of.nepali.translators team mailing list archive
Message #24798
[Bug 1780844] [NEW] CVE-2017-7957: XStream through 1.4.9 mishandles attempts to create an instance of the primitive type 'void'
Public bug reported:
[impact]
XStream through 1.4.9, when a certain denyTypes workaround is not used,
mishandles attempts to create an instance of the primitive type 'void'
during unmarshalling, leading to a remote application crash, as
demonstrated by an xstream.fromXML("<void/>") call.
[test case]
self-test for failure is provided as part of the upstream commit
[regression potential]
regressions could include failing to parse the stream.
[other info]
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7957.html
https://x-stream.github.io/CVE-2017-7957.html
https://github.com/x-stream/xstream/commit/b3570be
** Affects: libxstream-java (Ubuntu)
Importance: Undecided
Status: Fix Released
** Affects: libxstream-java (Ubuntu Trusty)
Importance: Medium
Assignee: Dan Streetman (ddstreet)
Status: In Progress
** Affects: libxstream-java (Ubuntu Xenial)
Importance: Medium
Assignee: Dan Streetman (ddstreet)
Status: In Progress
** Affects: libxstream-java (Ubuntu Artful)
Importance: Undecided
Status: Fix Released
** Affects: libxstream-java (Ubuntu Bionic)
Importance: Undecided
Status: Fix Released
** Affects: libxstream-java (Ubuntu Cosmic)
Importance: Undecided
Status: Fix Released
** Also affects: libxstream-java (Ubuntu Xenial)
Importance: Undecided
Status: New
** Also affects: libxstream-java (Ubuntu Bionic)
Importance: Undecided
Status: New
** Also affects: libxstream-java (Ubuntu Trusty)
Importance: Undecided
Status: New
** Also affects: libxstream-java (Ubuntu Cosmic)
Importance: Undecided
Status: New
** Also affects: libxstream-java (Ubuntu Artful)
Importance: Undecided
Status: New
** Changed in: libxstream-java (Ubuntu Cosmic)
Status: New => Fix Released
** Changed in: libxstream-java (Ubuntu Bionic)
Status: New => Fix Released
** Changed in: libxstream-java (Ubuntu Artful)
Status: New => Fix Released
** Changed in: libxstream-java (Ubuntu Xenial)
Status: New => In Progress
** Changed in: libxstream-java (Ubuntu Trusty)
Status: New => In Progress
** Changed in: libxstream-java (Ubuntu Trusty)
Importance: Undecided => Low
** Changed in: libxstream-java (Ubuntu Xenial)
Importance: Undecided => Low
** Changed in: libxstream-java (Ubuntu Trusty)
Assignee: (unassigned) => Dan Streetman (ddstreet)
** Changed in: libxstream-java (Ubuntu Xenial)
Assignee: (unassigned) => Dan Streetman (ddstreet)
** Changed in: libxstream-java (Ubuntu Trusty)
Importance: Low => Medium
** Changed in: libxstream-java (Ubuntu Xenial)
Importance: Low => Medium
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1780844
Title:
CVE-2017-7957: XStream through 1.4.9 mishandles attempts to create an
instance of the primitive type 'void'
Status in libxstream-java package in Ubuntu:
Fix Released
Status in libxstream-java source package in Trusty:
In Progress
Status in libxstream-java source package in Xenial:
In Progress
Status in libxstream-java source package in Artful:
Fix Released
Status in libxstream-java source package in Bionic:
Fix Released
Status in libxstream-java source package in Cosmic:
Fix Released
Bug description:
[impact]
XStream through 1.4.9, when a certain denyTypes workaround is not used,
mishandles attempts to create an instance of the primitive type 'void'
during unmarshalling, leading to a remote application crash, as
demonstrated by an xstream.fromXML("<void/>") call.
[test case]
self-test for failure is provided as part of the upstream commit
[regression potential]
regressions could include failing to parse the stream.
[other info]
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7957.html
https://x-stream.github.io/CVE-2017-7957.html
https://github.com/x-stream/xstream/commit/b3570be
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libxstream-java/+bug/1780844/+subscriptions
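The description above mentions a denyTypes workaround without showing it. The following is an added example, not code from the bug report, the Ubuntu package or the upstream commit: it assumes an XStream release that provides `XStream.denyTypes(Class[])`, and the names `VoidDenyExample`, `hardened` and `isAccepted` are hypothetical.

```java
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.XStreamException;

public class VoidDenyExample {

    // Assumption: this is the denyTypes workaround the report alludes to.
    // Deny the primitive 'void' and its wrapper so the mapper refuses the
    // type before any attempt is made to instantiate it.
    static XStream hardened() {
        XStream xstream = new XStream();
        xstream.denyTypes(new Class[] { void.class, Void.class });
        return xstream;
    }

    // Unmarshal untrusted XML. A denied or unconvertible type surfaces as an
    // XStreamException, which is reported here as a rejected input.
    static boolean isAccepted(XStream xstream, String xml) {
        try {
            xstream.fromXML(xml);
            return true;
        } catch (XStreamException e) {
            System.err.println("rejected: " + e.getClass().getName());
            return false;
        }
    }

    public static void main(String[] args) {
        XStream xstream = hardened();
        // Constructed inputs: the document from the report and a benign one.
        String[] samples = { "<void/>", "<string>hello</string>" };
        for (String xml : samples) {
            System.out.println(xml + " accepted=" + isAccepted(xstream, xml));
        }
    }
}
```

The deny rule has to be applied to every XStream instance that reads untrusted input; it is a stopgap until the fixed package is installed.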