xmlgraphics-commons_2.4-2_source.changes ACCEPTED into unstable
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Mon Aug 2 07:48:26 BST 2021
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 02 Aug 2021 07:48:42 +0200
Source: xmlgraphics-commons
Architecture: source
Version: 2.4-2
Distribution: unstable
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
Changed-By: Markus Koschany <apo at debian.org>
Closes: 984949
Changes:
xmlgraphics-commons (2.4-2) unstable; urgency=high
.
* Team upload.
* Fix CVE-2020-11988:
Apache XmlGraphics Commons is vulnerable to server-side request forgery,
caused by improper input validation by the XMPParser. By using a
specially-crafted argument, an attacker could exploit this vulnerability to
cause the underlying server to make arbitrary GET requests.
(Closes: #984949)
Checksums-Sha1:
066502068fd79f7b70fd420a5d1b21bcf0e2937e 2506 xmlgraphics-commons_2.4-2.dsc
1322e9063b93306cd4caf8d543cf1c71d8f86c20 8384 xmlgraphics-commons_2.4-2.debian.tar.xz
fe440d425e9dc34a8d3eae1157ef974c3e0727cc 13904 xmlgraphics-commons_2.4-2_amd64.buildinfo
Checksums-Sha256:
0fbe9ba7f83b17fd1baa9f3036d0bd241472e8d9ed5fb575ebf2a5b7b623c1a5 2506 xmlgraphics-commons_2.4-2.dsc
0da539f875afb4cb8f01a1d70a7c14e57d2bf2f163e18c43107cd90debc02ac3 8384 xmlgraphics-commons_2.4-2.debian.tar.xz
abfdf4c123d1071848ec1a1fac5320699e42766347a210f7ea4bd884450acb47 13904 xmlgraphics-commons_2.4-2_amd64.buildinfo
Files:
b07bc17f9906b1a14a4e8a9ecb3fbe04 2506 java optional xmlgraphics-commons_2.4-2.dsc
317ac3c4777df41fdde5a56427fbcb62 8384 java optional xmlgraphics-commons_2.4-2.debian.tar.xz
565c25c97916e70cd14a7d989e4ff750 13904 java optional xmlgraphics-commons_2.4-2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmEHkRhfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HktTcQAIxcXHE2pAY+2DHcCzlWngkbSemQDJp4amEF
YCVBXy/hrvJDDvb3CSOSykdG8OPX3eUbSm6BptldnHlS0YNyd9B+hCh9LSVVmoKd
c8a3bMaEASjyogMX4WuEzlCKG6StxAd/+0EmL6nZoYQXoDVDC3uubkb6qL4TF4OO
6mZszw9BInZLI5TaWhLoB7K5Q+HNsCaWS7F/B346yNlCfOpA9okc5HV1gJqRHNju
RrgdgQpd6YXgkVk23bDy4ITKWh4F5AiPI6GdSFJ4K0ibGxcePqENvlKvaoSKWNJi
nV8CweH4Hu1Gad8WyUA9XLlqoSXE6cBlq78XOj2Ij7KUNsTBY7vpiv8+Oz6vLW/A
7t2Y/BONuoJJBo9oJpsqyxm6eHS+dnbAHmYqEPd2HfsdbKLPvVnTxb1DGtixjeJy
cBCXQjC6rkBcNo4okdTsvSJH9RmMEAba9UoiYnQgHGcByjBO/8LlQITPnpIhDFVH
V0Aa+istO7Dso0iFNpTul+D6cJmRYnvAnjUrf8nkv4/L0c9gF65xfJyWp/9g2SiN
aeby14ttzbzr48QB+2qtT4X9BCXwa8aK+HG03LJibG03KrbZc9+nUGXAAMvVQAKq
VSgHEaZrwHvulLWC9n5IR5S504hZyELHMrK2mdUVSHZMAPP7z/ODMl7NhHEqpCIc
reF/rJwK
=2sHl
-----END PGP SIGNATURE-----
Thank you for your contribution to Debian.
More information about the pkg-java-maintainers
mailing list