DSA-3403 libcommons-collections3-java - security update
System information
Affected software | Debian
Description
This update backports changes from the commons-collections 3.2.2 release which disable the deserialisation of the functors classes unless the system property org.apache.commons.collections.enableUnsafeSerialization is set to true. This fixes a vulnerability in unsafe applications deserialising objects from untrusted sources without sanitising the input data. Classes considered unsafe are: CloneTransformer, ForClosure, InstantiateFactory, InstantiateTransformer,
More info:
https://www.debian.org/security/2015/dsa-3403
Standard identifiers
Property | Value
CVE | DSA-3403.