This bug was fixed in the package libxstream-java - 1.4.7-1ubuntu0.1 --------------- libxstream-java (1.4.7-1ubuntu0.1) trusty-security; urgency=medium
* SECURITY UPDATE: handle void type class (LP: #1780844) - d/p/CVE-2017-7957.patch: Prevent deserialization of void. - CVE-2017-7957 -- Dan Streetman <ddstr...@canonical.com> Mon, 09 Jul 2018 15:29:05 -0400 ** Changed in: libxstream-java (Ubuntu Trusty) Status: Confirmed => Fix Released ** Changed in: libxstream-java (Ubuntu Xenial) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1780844 Title: CVE-2017-7957: XStream through 1.4.9 mishandles attempts to create an instance of the primitive type 'void' To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libxstream-java/+bug/1780844/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs