From: "Léo Le Bouter via Bug reports for GNU Guix" <bug-guix@gnu.org>
To: 47342@debbugs.gnu.org
Cc: "Léo Le Bouter" <lle-bout@zaclys.net>
Subject: bug#47342: [PATCH 2/2] gnu: java-xstream: Update to 1.4.16 [security fixes].
Date: Tue, 23 Mar 2021 15:38:40 +0100 [thread overview]
Message-ID: <20210323143840.22600-2-lle-bout@zaclys.net> (raw)
In-Reply-To: <20210323143840.22600-1-lle-bout@zaclys.net>
Fixes CVE-2021-21341, CVE-2021-21342, CVE-2021-21343, CVE-2021-21344,
CVE-2021-21345, CVE-2021-21346, CVE-2021-21347, CVE-2021-21348,
CVE-2021-21349, CVE-2021-21350 and CVE-2021-21351.
* gnu/packages/xml.scm (java-xstream): Update to 1.4.16.
[inputs]: Replace java-xpp3 with java-mxparser, the latter being a fork of the
former made by upstream.
---
gnu/packages/xml.scm | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
index 96287b3174..fdb8bff601 100644
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@ -2217,7 +2217,7 @@ outputting XML data from Java code.")
(define-public java-xstream
(package
(name "java-xstream")
- (version "1.4.15")
+ (version "1.4.16")
(source
(origin
(method git-fetch)
@@ -2229,7 +2229,7 @@ outputting XML data from Java code.")
version)))))
(file-name (git-file-name name version))
(sha256
- (base32 "1178qryrjwjp44439pi5dxzd32896r5zs429z1qhlc09951r7mi9"))))
+ (base32 "16k2mc63h2fw7lxv74qmhg4p8q9hfrw114daa6nxwnpv08cnq755"))))
(build-system ant-build-system)
(arguments
`(#:jar-name "xstream.jar"
@@ -2244,7 +2244,7 @@ outputting XML data from Java code.")
("java-joda-time" ,java-joda-time)
("java-jettison" ,java-jettison)
("java-xom" ,java-xom)
- ("java-xpp3" ,java-xpp3)
+ ("java-mxparser" ,java-mxparser)
("java-dom4j" ,java-dom4j)
("java-stax2-api" ,java-stax2-api)
("java-woodstox-core" ,java-woodstox-core)
--
2.31.0
next prev parent reply other threads:[~2021-03-23 14:41 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-23 14:33 bug#47342: java-xstream@1.4.15 is vulnerable to CVE-2021-21341, CVE-2021-21342, CVE-2021-21343, CVE-2021-21344, CVE-2021-21345, CVE-2021-21346, CVE-2021-21347, CVE-2021-21348, CVE-2021-21349, CVE-2021-21350 and CVE-2021-21351 Léo Le Bouter via Bug reports for GNU Guix
2021-03-23 14:38 ` bug#47342: [PATCH 1/2] gnu: Add java-mxparser Léo Le Bouter via Bug reports for GNU Guix
2021-03-23 14:38 ` Léo Le Bouter via Bug reports for GNU Guix [this message]
2021-03-23 17:33 ` bug#47342: [PATCH 2/2] gnu: java-xstream: Update to 1.4.16 [security fixes] Leo Famulari
2021-03-23 17:42 ` Julien Lepiller
2021-03-23 22:31 ` bug#47342: java-xstream@1.4.15 is vulnerable to CVE-2021-21341, CVE-2021-21342, CVE-2021-21343, CVE-2021-21344, CVE-2021-21345, CVE-2021-21346, CVE-2021-21347, CVE-2021-21348, CVE-2021-21349, CVE-2021-21350 and CVE-2021-21351 Julien Lepiller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210323143840.22600-2-lle-bout@zaclys.net \
--to=bug-guix@gnu.org \
--cc=47342@debbugs.gnu.org \
--cc=lle-bout@zaclys.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.