plexus-archiver_1.2-1+deb8u1_allonly.changes ACCEPTED into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Wed Jun 13 23:17:33 BST 2018
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 10 Jun 2018 21:17:18 +0200
Source: plexus-archiver
Binary: libplexus-archiver-java
Architecture: all source
Version: 1.2-1+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil at debian.org>
Closes: 900953
Description:
libplexus-archiver-java - Archiver plugin for the Plexus compiler system
Changes:
plexus-archiver (1.2-1+deb8u1) jessie-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fail when trying to extract outside of dest dir (CVE-2018-1002200)
Fixes arbitrary file write vulnerability using a specially crafted zip
file. (Closes: #900953)
Checksums-Sha1:
657a8d10077a1ef86195640062b5fc2fc6c1bfcd 2487 plexus-archiver_1.2-1+deb8u1.dsc
73b0cb563903c97dfa276b44409b852da78ffcf1 125994 plexus-archiver_1.2.orig.tar.gz
b0b0cddda2456ae3209ae5b79efa6e06c3a800d3 4404 plexus-archiver_1.2-1+deb8u1.debian.tar.xz
a53e3e54ec6cfbafc818a62da41d3256b2106b7b 165576 libplexus-archiver-java_1.2-1+deb8u1_all.deb
Checksums-Sha256:
e8551f1d118da04c0b72932a15ae49d7354e084997ca412d636d3b61bad5f686 2487 plexus-archiver_1.2-1+deb8u1.dsc
37c48eaa6af2d88476b885849a4e7157190a918c0259eeab7ead00c52d7d4e59 125994 plexus-archiver_1.2.orig.tar.gz
511b9a9aef380b5e86ee4063133d0780e331a09ed41a4b5f9d00fb3783fd5454 4404 plexus-archiver_1.2-1+deb8u1.debian.tar.xz
989a071a9667323c1777794d94cba2ac57edf8ad91914f49881a5d7342de19df 165576 libplexus-archiver-java_1.2-1+deb8u1_all.deb
Files:
ea05ae8a053cd0f1665f9fc82545b07e 2487 java optional plexus-archiver_1.2-1+deb8u1.dsc
72ab4e8d4505f8db159dc760fe85aef1 125994 java optional plexus-archiver_1.2.orig.tar.gz
d8a6b6749543a01c89196c62ea727f5d 4404 java optional plexus-archiver_1.2-1+deb8u1.debian.tar.xz
69d90ba3d7f5fb84ec9f05ec22c9df89 165576 java optional libplexus-archiver-java_1.2-1+deb8u1_all.deb
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlsdeqVfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EwfUP/0WhTz9A/hNP7qc8C4uCz9pR8bMHs4bS
MZAxdVeVTSIoyRiavpWZ94cvMRlvKNb2TfBMasARrlGUQKHjd/TsHFdoX9V1pATb
x+RrgZksZFZTkqrRKJzUToHHG/L5nx9iRzZlWvwWfbqOxBuNPBRUo3+Z47I4EKYC
RJRA0ieNAq32h+4q0e1Fo0THCsB6WcqnIFQnQXkkYn+aO42TU8ezkfMrPYx1CI3z
uqavA75gQVCXSi2adwN2raUHYuuNibNi1I2PU3W2xVFQeewgHgwrG5L0KF5eaQmT
/Ca1ULuTiofb22lssAN5u0HOJEuFaBpGuh/xuH1WsodC9DusyS/dc4/ElUMJVCRx
+KX1fyFaHmTQ1Qe75MnFy+AfwytjVdBBgsDJ9fbjv9wKpRzhabV3rydsbm1e9v3X
7/nkHOOiSNlTcktvka0uYNmIywsaTQs+jTcmhprsNUme7GQMBCuIm8OPp/L+9JdA
Q4YYouaC8FfHHdCsp7IoJ3EykzHCM63zJqswyQDLUTOPJ2o6WwzCFZS0UEfqF/bf
i/vywAinRyVcEcd4/PvNi/W8CJmRdLsS7V48EXinTs6amK7L/K/RZ+7kF+ufwsOp
SAaMbP7NhCenvtN5xW2asg4A429/ysAz+vYpub0HknDrE4e4c1yaxsQ9pvc3EJ0s
3nFs435KuPi7
=9vFj
-----END PGP SIGNATURE-----
Thank you for your contribution to Debian.
More information about the pkg-java-maintainers
mailing list