Debian 10263 Published by

A libgoogle-gson-java security update has been released for Debian GNU/Linux 8 Extended LTS to address an issue that may result in DoS attacks.



ELA-611-1 libgoogle-gson-java security update

Package libgoogle-gson-java
Version 2.2.4-1+deb8u1
Related CVEs CVE-2022-25647

src:libgoogle-gson-java, which helps convert Java objects into their JSON representation, is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.

For Debian 8 jessie, these problems have been fixed in version 2.2.4-1+deb8u1.

We recommend that you upgrade your libgoogle-gson-java packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

  ELA-611-1 libgoogle-gson-java security update