-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian LTS Advisory DLA-2765-1debian-...@lists.debian.org
https://www.debian.org/lts/security/ Anton Gladky
September 23, 2021
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Thu, 23 Sep 2021 20:20:04 +0200
Source: mupdf
Architecture: source
Version: 1.14.0+ds1-4+deb9u1
Distribution: stretch-security
Urgency: medium
Maintainer: Kan-Ru Chen (陳侃如)
Changed-By: Anton Gladky
Changes:
mupdf
Hi Markus,
I have applied your patch and the pipelines are passed [1]. So, at least
nothing breaks from the "build side of view".
Yes, I took this package, but uf your are working on it, feel free to
reclaim it.
[1]
https://salsa.debian.org/lts-team/packages/libxstream-java/-/pipelines/292916
On Thu, Sep 23, 2021 at 05:03:46PM +0200, Markus Koschany wrote:
>
> You are right that all applications will break which rely on the
> deserialization feature of xstream and were not using a whitelist before.
> Everything else that just writes a POJO to XML should be unaffected. In
> general
>
Hi,
Am Mittwoch, dem 22.09.2021 um 20:57 +0200 schrieb Sylvain Beucler:
[...]
> >
> > I am pretty surprised because I had concluded that all reverse-dependencies
> > would break, due to not white-listing any app-specific class:
> > https://lists.debian.org/debian-lts/2021/06/msg00040.html
> >
>