axis_1.4-28+deb11u1_source.changes ACCEPTED into oldstable-proposed-updates
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Sun Nov 12 15:02:25 GMT 2023
Thank you for your contribution to Debian.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 17 Oct 2023 14:05:20 +0200
Source: axis
Architecture: source
Version: 1.4-28+deb11u1
Distribution: bullseye
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
Changed-By: Markus Koschany <apo at debian.org>
Closes: 1051288
Changes:
axis (1.4-28+deb11u1) bullseye; urgency=medium
.
* Team upload.
* Fix CVE-2023-40743:
When integrating Apache Axis 1.x in an application, it may not have been
obvious that looking up a service through "ServiceFactory.getService"
allows potentially dangerous lookup mechanisms such as LDAP. When passing
untrusted input to this API method, this could expose the application to
DoS, SSRF and even attacks leading to RCE. (Closes: #1051288)
Checksums-Sha1:
912ed65a9be5a9b60d9d4861cba0d9eff0805960 2375 axis_1.4-28+deb11u1.dsc
9914108b8dd4c6497be68b3ed9762fc83c4742ec 14224 axis_1.4-28+deb11u1.debian.tar.xz
d383a0e57429a98ac147fe68605c423ba5274e90 10185 axis_1.4-28+deb11u1_amd64.buildinfo
Checksums-Sha256:
ff69b3a66b91acc43ba6b2b249e2533c543b89791f9ffb0ed85bab136d5e26ab 2375 axis_1.4-28+deb11u1.dsc
e1a743d7a7bc8ab284d08aa2dbcfe815e83a9be56010548aadb8ad8e608a4909 14224 axis_1.4-28+deb11u1.debian.tar.xz
7294ea93bf05f29c1d2a573192053748ebd67361f88404597006a1542678d813 10185 axis_1.4-28+deb11u1_amd64.buildinfo
Files:
7cb90eb7aa87899ba0f4041841139e15 2375 java optional axis_1.4-28+deb11u1.dsc
9e3a047d2f3f9eeee1b8fa4435b0f683 14224 java optional axis_1.4-28+deb11u1.debian.tar.xz
fe32b7720b9a2cbbd6055abb439335cc 10185 java optional axis_1.4-28+deb11u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmUueflfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1Hk2tYP/1c2Xt6PbQ9Mro9lOk3pKqQrre5fdCXpcetH
QpvF09P/WSNEKBPEKDCkblBJgNdqsrk74LVaMfMJQpWL4LqjSM817Pu97AzuOzXy
JW8moxi5sXcbJ1NE398n5sbljwWCqAALUNRnawJo9jK7LbYlA4NqHFlxkTExGmrx
9VTPs50+KgfYriCI/9skWn/eOcjlBgHjxulZoAHVtAn+bZvd7NthKQA5OXlKMVvn
lsRuZ3NiCTcr8FX1l3xXOfPYXURyPh+RD/n777IoesGkAjfFPoiHWorA2smq+05e
GHZD0vHg9L+4zCfFh3KvBnJA0ZOE2MrPI2gG4c5U+hTBKbqBfDLgzk5B2J/BTcpr
cFwvly9krMwIQv5/U39PmCpYpY04npbkhd/1kby72i0pizO4fyXZyUnsyF06sz4S
eODOtpemmhV4ws/eAwYYRpk0smqjYYHWxzahUwOFJUfeJUlh4Klwrzrn7O/q+CLF
0YAuFV21i31/VxJv0u+o5+w6JHXTQqOFKcrRDLfW6XAKuekj/NQi3RQgKKFR40lv
Kcxl4emBs5W+te2kCLJ0f7tvMza6901hljrfITSRUKycyHrHcmQ+K85ow6XfoY46
WgF+fzAWoXctDcHaqKDoOwFUP2yaEEUNtPtddQbCxGbxLQaRpAUj4nF0zHhavr/e
wmtd2k4A
=2Uy1
-----END PGP SIGNATURE-----
More information about the pkg-java-maintainers
mailing list