Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
---|---|---|---|---|---|---|
01-java7-compatibility.patch | Replaces the call to Method.isDefault() by a reflexive call to compile with Java 7 | Emmanuel Bourg <ebourg@apache.org> | not-needed | 2021-08-27 | ||
02-disable-beastax-driver.patch | Removes the dependency on the com.bea.xml.stream package (not needed, allows us to drop the StAX dependency) | Emmanuel Bourg <ebourg@apache.org> | not-needed | 2021-08-27 | ||
no-mxparser.patch | no mxparser | Markus Koschany <apo@debian.org> | no | 2021-08-27 | ||
0004-CVE-2024-47072.patch | CVE-2024-47072 This vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the BinaryStreamDrive |
joehni <joerg.schaible@gmx.de> | yes | upstream | backport, https://github.com/x-stream/xstream/commit/fdd9f7d3de0d7ccf2f9979bcd09fbf3e6a0c881a | 2024-09-18 |