Candidate: CVE-2016-3674
PublicDate: 2016-05-17 14:08:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3674
 http://x-stream.github.io/changes.html#1.4.9
Description:
 Multiple XML external entity (XXE) vulnerabilities in the (1) Dom4JDriver,
 (2) DomDriver, (3) JDomDriver, (4) JDom2Driver, (5) SjsxpDriver,
 (6) StandardStaxDriver, and (7) WstxDriver drivers in XStream before 1.4.9
 allow remote attackers to read arbitrary files via a crafted XML document.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819455
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [7.5 HIGH]

Patches_libxstream-java:
upstream_libxstream-java: released (1.4.9-1)
precise_libxstream-java: ignored (reached end-of-life)
precise/esm_libxstream-java: DNE (precise was needed)
trusty_libxstream-java: ignored (out of standard support)
trusty/esm_libxstream-java: needed
vivid/stable-phone-overlay_libxstream-java: DNE
vivid/ubuntu-core_libxstream-java: DNE
wily_libxstream-java: ignored (reached end-of-life)
xenial_libxstream-java: ignored (end of standard support, was needed)
yakkety_libxstream-java: ignored (reached end-of-life)
zesty_libxstream-java: ignored (reached end-of-life)
artful_libxstream-java: ignored (reached end-of-life)
bionic_libxstream-java: not-affected (1.4.9-1)
cosmic_libxstream-java: not-affected (1.4.9-1)
disco_libxstream-java: not-affected (1.4.9-1)
eoan_libxstream-java: not-affected (1.4.9-1)
focal_libxstream-java: not-affected (1.4.9-1)
groovy_libxstream-java: not-affected (1.4.9-1)
hirsute_libxstream-java: not-affected (1.4.9-1)
impish_libxstream-java: not-affected (1.4.9-1)
jammy_libxstream-java: not-affected (1.4.9-1)
devel_libxstream-java: not-affected (1.4.9-1)