Change log : libjettison-java package : Debian

1.5.4-1

Published in sid-release on 2023-06-12

libjettison-java (1.5.4-1) unstable; urgency=medium

  * Team upload.
  * New upstream version 1.5.4 (Closes: #1033846)
    - Fix CVE-2023-1436 - Infinite recursion in Jettison leads
      to denial of service when creating a crafted JSONArray

 -- tony mancill <email address hidden>  Sun, 11 Jun 2023 15:38:24 -0700

Available diffs

diff from 1.5.3-1 to 1.5.4-1 (1.5 KiB)

1.5.3-1~deb11u1

Published in bullseye-release on 2023-04-29

libjettison-java (1.5.3-1~deb11u1) bullseye-security; urgency=high

  * Team upload.
  * Fix CVE-2022-40150, CVE-2022-45685, CVE-2022-45693:
    denial of service via stack overflow / out of memory

 -- Markus Koschany <email address hidden>  Tue, 10 Jan 2023 22:18:24 +0100

1.5.3-1

Published in bookworm-release on 2023-06-01

Superseded in sid-release on 2023-06-12

libjettison-java (1.5.3-1) unstable; urgency=high

  * Team upload.
  * New upstream version 1.5.3.
    - Fix CVE-2022-40150, CVE-2022-45685, CVE-2022-45693:
      denial of service via stack overflow / out of memory
      (Closes: #1022553)
  * Declare compliance with Debian Policy 4.6.2.

 -- Markus Koschany <email address hidden>  Sat, 31 Dec 2022 11:18:53 +0100

Available diffs

diff from 1.5.1-1 to 1.5.3-1 (3.5 KiB)

1.5.1-1

Superseded in sid-release on 2022-12-31

libjettison-java (1.5.1-1) unstable; urgency=medium

  * Team upload.
  * New upstream version 1.5.1.
  * Fix CVE-2022-40149:
    It was discovered that libjettison-java, a collection of StAX parsers and
    writers for JSON, was vulnerable to a denial-of-service attack, if the
    attacker provided untrusted XML or JSON data. (Closes: #1022554)

 -- Markus Koschany <email address hidden>  Thu, 10 Nov 2022 01:09:07 +0100

Available diffs

diff from 1.4.1-1 to 1.5.1-1 (6.3 KiB)

1.4.1-1

Superseded in bullseye-release on 2023-04-29

Superseded in sid-release on 2022-11-10

libjettison-java (1.4.1-1) unstable; urgency=medium

  * Team upload.
  * New upstream release
  * Standards-Version updated to 4.5.1
  * Switch to debhelper level 13
  * Use salsa.debian.org Vcs-* URLs

 -- Emmanuel Bourg <email address hidden>  Mon, 18 Jan 2021 00:14:42 +0100

Available diffs

diff from 1.4.0-1 to 1.4.1-1 (6.1 KiB)

1.4.0-1

Published in buster-release on 2018-04-26

Superseded in sid-release on 2021-01-18

libjettison-java (1.4.0-1) unstable; urgency=medium

  * Team upload.
  * New upstream release
    - Build with Maven instead of Ant
    - Fixed the compatibility with the bundle plugin in Debian
  * Build with the DH sequencer instead of CDBS
  * Moved the package to Git
  * Standards-Version updated to 4.1.4
  * Switch to debhelper level 11
  * Track and download the new releases from GitHub
  * Converted debian/copyright to the Copyright Format 1.0

 -- Emmanuel Bourg <email address hidden>  Fri, 20 Apr 2018 16:28:48 +0200

Available diffs

diff from 1.2-3 (in Ubuntu) to 1.4.0-1 (101.6 KiB)

1.2-3

Superseded in buster-release on 2018-04-26

Published in stretch-release on 2015-05-04

Published in jessie-release on 2013-05-06

Published in wheezy-release on 2011-04-09

Superseded in sid-release on 2018-04-20

libjettison-java (1.2-3) unstable; urgency=low
  * Team upload.  * Install Maven artifacts (Closes: #620049).    Thanks to James Page <email address hidden> :    - debian/control: Add maven-repo-helper to Build-Depends.    - debian/rules: Use mh_installpom and mh_installjar instead of      install/dh_link.    - debian/pom.xml: Downloaded POM for Maven.    - debian/maven.rules: Force installed POM to use "jar" packaging.  * Update Standards-Version: 3.9.1 (no changes needed).  * Bump Debhelper compat level to 7 (and update B-D).  * Drop Depends on a JRE since it's a library package. -- Damien Raude-Morvan <email address hidden>  Wed, 30 Mar 2011 01:22:27 +0200

1.2-2

Superseded in wheezy-release on 2011-09-21

Published in squeeze-release on 2010-06-21