commons-vfs_2.1-5_source.changes ACCEPTED into unstable
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Thu Apr 3 03:36:19 BST 2025
Thank you for your contribution to Debian.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 03 Apr 2025 03:38:38 +0200
Source: commons-vfs
Architecture: source
Version: 2.1-5
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
Changed-By: Markus Koschany <apo at debian.org>
Closes: 1101204
Changes:
commons-vfs (2.1-5) unstable; urgency=medium
.
* Team upload.
* Declare compliance with Debian Policy 4.7.2.
* Force at least a Java 8 build to fix CVE-2025-27553.
* Fix CVE-2025-27553: (Closes: #1101204)
Arnout Engelen discovered a Relative Path Traversal vulnerability in
Commons VFS, a Java library that provides a single API for accessing
various different file systems. A local or remote attacker may use this
flaw to access files and directories outside of a root folder.
Checksums-Sha1:
3fa8a2afebf9e14d4799b57dbd7a4b03eee7bf8b 2426 commons-vfs_2.1-5.dsc
d3b667a47925a5b80858ef1474032d037e579651 10992 commons-vfs_2.1-5.debian.tar.xz
1346dc9795a06a29b1b2733e7c5488fb92ea38f7 15647 commons-vfs_2.1-5_amd64.buildinfo
Checksums-Sha256:
039deba3b02f7c59b4a0c2d614f3ede4fb95d56fafb79f5acaa8efb0ff84556a 2426 commons-vfs_2.1-5.dsc
514e443ffd2b7db8828945b450a6cebf9d7789284969ae0334dccb69079dfad3 10992 commons-vfs_2.1-5.debian.tar.xz
052062defbab2cde4f896075e98875cb06c63ed4bb22def61c8bb0975ed4cf43 15647 commons-vfs_2.1-5_amd64.buildinfo
Files:
0d49ad9d2709fd9a59f83438055e46f8 2426 java optional commons-vfs_2.1-5.dsc
a0a9595802bb9663e50f89bf954a65f8 10992 java optional commons-vfs_2.1-5.debian.tar.xz
15d91389c4b27bb41c09914492219590 15647 java optional commons-vfs_2.1-5_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmft6UpfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkU3cP/iyHZ2g/xffZCRUdS/rOVa6//H7McDVOsgfy
Ws2uQIihx8nrXw72f3k+NTRptVHxR0v0Hqu7DFi56amU4RdzNSpKBzfN7EgvCJH3
+wqzpUBQ05rCrRV0qHqjWqYR24unqhcVoJqUYdodZSoLPMFlZQU5N+SwmBJl7jXV
JdeDBjwQUTs2WHjtcjK4/qLeybKyISskXqJziufzALkUzxFdFaXNFfF19fkWVzWO
8I/XL4/1r2xbhe8NaV5nz6wSHCRDWcqlLuux3Ngqd8iQF380d0DfIABaMfOc3rK+
cFn8B7TsPtEg/eOe5mqjTNheA2egmpXfq5v4xrCUgDsh7m6ShFraePIYvAj1z4/f
synCkCTxvfeO6zAcVqokLBm4sCkHF/EhWAvSEfN8q5hH119Nrab29AUfhKsO8Dss
gsztR/Yd8+/r5it+5505q3uKVbxHwKPmv+XwbArwhH55eOZgRZnfxH5G3Sj2LZ/X
unP5YHAitZeLH2T+XZeWAb36O3oMCifL7S+7nrAFkkn2j2+Kb0y7kIDOzSMF3rl5
g3/eQfJnkO6KMZbSho74BvEeP7JNNc6LRAv2ppRQ0JnCpOTddURT2W1ANwC8s0Yy
db1U3FxIzoC+Ae4PSMSD//JtUEFAxG3D2wXo4j3zGm89Osi9VOw46VqkGckgFoCj
StjqoOdS
=Wdk+
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-maintainers/attachments/20250403/1d878df7/attachment.sig>
More information about the pkg-java-maintainers
mailing list