Package: libcommons-collections3-java / 3.2.1-5+deb7u1

Metadata

Package: libcommons-collections3-java
Version: 3.2.1-5+deb7u1
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
OSGI_Manifest.diff

build.xml | 1 1 + 0 - 0 !
src/conf/MANIFEST.MF | 60 48 + 12 - 0 !
2 files changed, 49 insertions(+), 12 deletions(-)

---
disable_links.diff

build.xml | 2 0 + 2 - 0 !
1 file changed, 2 deletions(-)

---
disable functors deserialization.patch

src/java/org/apache/commons/collections/functors/CloneTransformer.java | 4 4 + 0 - 0 !
src/java/org/apache/commons/collections/functors/ForClosure.java | 4 4 + 0 - 0 !
src/java/org/apache/commons/collections/functors/FunctorUtils.java | 34 34 + 0 - 0 !
src/java/org/apache/commons/collections/functors/InstantiateFactory.java | 6 5 + 1 - 0 !
src/java/org/apache/commons/collections/functors/InstantiateTransformer.java | 4 4 + 0 - 0 !
src/java/org/apache/commons/collections/functors/InvokerTransformer.java | 4 4 + 0 - 0 !
src/java/org/apache/commons/collections/functors/PrototypeFactory.java | 10 10 + 0 - 0 !
src/java/org/apache/commons/collections/functors/WhileClosure.java | 4 4 + 0 - 0 !
8 files changed, 69 insertions(+), 1 deletion(-)

Disable the deserialization of the functors classes unless
the system property org.apache.commons.collections.enableUnsafeSerialization
is set to true.

This fixes a vulnerability in unsafe applications deserializing objects
from untrusted sources without sanitizing the input data.

 https://blogs.apache.org/foundation/entry/apache_commons_statement_to_widespread