xmlgraphics-commons_2.4-2~deb11u1_source.changes ACCEPTED into testing-proposed-updates

Sun Aug 8 09:16:02 BST 2021

Mapping testing-security to testing-proposed-updates.

Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 07 Aug 2021 17:33:57 +0200
Source: xmlgraphics-commons
Architecture: source
Version: 2.4-2~deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
Changed-By: Markus Koschany <apo at debian.org>
Closes: 984949
Changes:
 xmlgraphics-commons (2.4-2~deb11u1) bullseye-security; urgency=medium
 .
   * Team upload
   * Rebuild for bullseye-security.
 .
 xmlgraphics-commons (2.4-2) unstable; urgency=high
 .
   * Team upload.
   * Fix CVE-2020-11988:
     Apache XmlGraphics Commons is vulnerable to server-side request forgery,
     caused by improper input validation by the XMPParser. By using a
     specially-crafted argument, an attacker could exploit this vulnerability to
     cause the underlying server to make arbitrary GET requests.
     (Closes: #984949)
Checksums-Sha1:
 53608a9a0f0d5b2770983d1aefb0c5cc8c09e98a 2538 xmlgraphics-commons_2.4-2~deb11u1.dsc
 c60e3051743229a062c560703e591530e06bc114 1057052 xmlgraphics-commons_2.4.orig.tar.xz
 ad932dc92723408104a25629f63afbef381c923e 8424 xmlgraphics-commons_2.4-2~deb11u1.debian.tar.xz
 a2f81ce4e7c1e66f65552f2aa753076d1b52202e 13984 xmlgraphics-commons_2.4-2~deb11u1_amd64.buildinfo
Checksums-Sha256:
 c0133622b4d5192e026ba94afba8edd46dfed6e0ec980ae8ec31c15b05b96b3f 2538 xmlgraphics-commons_2.4-2~deb11u1.dsc
 4099b5520c8a8ffbe96b3947a1c8d652600b376f5a43bd1f80782b00b6360d42 1057052 xmlgraphics-commons_2.4.orig.tar.xz
 a8e0084702108eb6bcc0e9a1ce347160d985a02406901e691ae0cb9373390f79 8424 xmlgraphics-commons_2.4-2~deb11u1.debian.tar.xz
 df9963bad367ac89d2da8f6e0e4d29fef32b86f317a47270f90043a7932ffaca 13984 xmlgraphics-commons_2.4-2~deb11u1_amd64.buildinfo
Files:
 3580d076487fdbfb58f8c57d040c8e67 2538 java optional xmlgraphics-commons_2.4-2~deb11u1.dsc
 65198c53972356174c80b118efe6b716 1057052 java optional xmlgraphics-commons_2.4.orig.tar.xz
 1fe8f684e457341935f5237fbe0b047b 8424 java optional xmlgraphics-commons_2.4-2~deb11u1.debian.tar.xz
 97f4ad8cf45e114468d7ae0c0441ef7b 13984 java optional xmlgraphics-commons_2.4-2~deb11u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmEOq0pfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HksrMQALUNkuEPoDE60p83gUulsCc76GrMeiTfnQvJ
BlCLN2zpwYfOhCFWy29aannAZjBcarMJKnBdiQ4e9wO75oMgLw5/+ISyhlO9PrlB
O+LiLyusx+8jgd1RQHdeaujPkiRN3qKLGKRQc6mw/Nz58wbKUgnUPi0wMbXzKRFw
ZhejQnJ4SkkM9mtXGN/qAo1yA/uye8QtnkK92Aqw3M9Z6bP410jY6foKv5e8CTko
XNGhau+2ZGj3Y5dg/pcZ2X8pac2CtrgwZNenncMKgAUMlTRlJzoNVTBxRQVMSc1K
g2ygRAO9GxM4rwB57+/l1cHIfQBZBtVj3fwbo5lJaiPoay/k48kebIRypHldTOX0
iuPp1meIYhVfcynUVXTv1umC9FmQ2W9IYkb08Kaxk0ixWEn+3N7LmKQgB9wkxhR3
j9/NdAakYvAecOHEWAoRJWDHvOGrGZdXmC9K1Az4ElSbebxvN3B4wOkPMoksYRXF
sJAk1eZJJpklNYByg9FmCfn0aRy1acBIxZgCbYBUcllAwsFF5dkChawMJWYx/gWl
2ERRoQDOux5Hd7vVYoTyjfMgfAcaG3+xZEBgnSZO8z3ZM7Cs1Da/xiZA8zGs41Cv
nAAh/Lr4c8iWb7w5O3+5cJ3X+ExlS5v/iCUNWfsmTRVB+TjOKiM6XY27E6+gHy1f
CcWsu2X9
=QumA
-----END PGP SIGNATURE-----

Thank you for your contribution to Debian.