[jsch] 04/08: Mark CVE-2016-5725 as fixed by the new version

Emmanuel Bourg ebourg-guest at moszumanska.debian.org
Thu Sep 1 22:10:48 UTC 2016


This is an automated email from the git hooks/post-receive script.

ebourg-guest pushed a commit to branch master
in repository jsch.

commit cf0549125afad154e20023115bf4a749bc426c0e
Author: Emmanuel Bourg <ebourg at apache.org>
Date:   Thu Sep 1 22:48:33 2016 +0200

    Mark CVE-2016-5725 as fixed by the new version
---
 debian/changelog | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/debian/changelog b/debian/changelog
index 8456d86..50e0974 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,11 @@
-jsch (0.1.53-2) UNRELEASED; urgency=medium
+jsch (0.1.54-1) UNRELEASED; urgency=medium
 
   * Team upload.
+  * New upstream release
+    - Fixes CVE-2016-5725: Malicious SFTP servers may force a client-side
+      relative path traversal for recursive sftp-get allowing the server
+      to write files outside the clients download basedir with effective
+      permissions of the jsch sftp client process.
   * Standards-Version updated to 3.9.8
   * Use secure Vcs-* URLs
 
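Review bot: The header line of the new 0.1.54-1 entry keeps urgency=medium even though the entry now records a fix for CVE-2016-5725, a path traversal that lets a malicious SFTP server write files outside the download directory. Consider whether urgency=high is warranted for this upload. If a Debian bug tracks this CVE, add a Closes: reference to the CVE sub-item so the bug is closed on upload. Minor wording point in the same sub-item: "the clients download basedir" should read "the client's download basedir".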

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/jsch.git


