ELA-729-1 libjettison-java security update

denial of service

2022-11-11
Packagelibjettison-java
Version1.4.0-1+deb9u1 (stretch)
Related CVEs CVE-2022-40149


It was discovered that libjettison-java, a collection of StAX parsers and writers for JSON, was vulnerable to a denial-of-service attack, if the attacker provided untrusted XML or JSON data.



For Debian 9 stretch, these problems have been fixed in version 1.4.0-1+deb9u1.

We recommend that you upgrade your libjettison-java packages.

Further information about Extended LTS security advisories can be found at: debian Extended Long term support