| Package | libjettison-java |
|---|---|
| Version | 1.4.0-1+deb9u1 (stretch) |
| Related CVEs | CVE-2022-40149 |
It was discovered that libjettison-java, a collection of StAX parsers and writers for JSON, was vulnerable to a denial-of-service attack, if the attacker provided untrusted XML or JSON data.
For Debian 9 stretch, these problems have been fixed in version 1.4.0-1+deb9u1.
We recommend that you upgrade your libjettison-java packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.