| Release | Version |
|---|---|
| stretch | 1.4.9-2 |
| buster | 1.4.11.1-1 |
| bullseye | 1.4.14-1 |
| sid | 1.4.14-1 |
| Bug | stretch | buster | bullseye | sid | Description |
|---|---|---|---|---|---|
| CVE-2020-26217 | vulnerable | vulnerable | fixed | fixed | XStream before version 1.4.14 is vulnerable to Remote Code Execution.T ... |
| Bug | Description |
|---|---|
| CVE-2019-10173 | It was found that xstream API version 1.4.10 before 1.4.11 introduced ... |
| CVE-2017-7957 | XStream through 1.4.9, when a certain denyTypes workaround is not used ... |
| CVE-2016-3674 | Multiple XML external entity (XXE) vulnerabilities in the (1) Dom4JDri ... |
| CVE-2013-7285 | Xstream API versions up to 1.4.6 and version 1.4.10, if the security f ... |
| DSA / DLA | Description |
|---|---|
| DSA-3841-1 | libxstream-java - security update |
| DLA-930-1 | libxstream-java - security update |
| DLA-504-1 | libxstream-java - security update |
| DSA-3575-1 | libxstream-java - security update |