commons-vfs_2.1-4+deb12u1_source.changes ACCEPTED into proposed-updates->stable-new
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Thu Jul 17 11:18:55 BST 2025
Thank you for your contribution to Debian.
Mapping bookworm to stable.
Mapping stable to proposed-updates.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 30 Jun 2025 23:44:12 +0200
Source: commons-vfs
Architecture: source
Version: 2.1-4+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
Changed-By: Daniel Leidert <dleidert at debian.org>
Closes: 1101204
Changes:
commons-vfs (2.1-4+deb12u1) bookworm; urgency=medium
.
* Non-maintainer upload by the Debian LTS team.
* d/maven.properties: Force a Java 8 build.
* d/patches/CVE-2025-27553.patch: Fix CVE-2025-27553 (closes: #1101204).
Arnout Engelen discovered a Relative Path Traversal vulnerability in
Commons VFS, a Java library that provides a single API for accessing
various different file systems. A local or remote attacker may use this
flaw to access files and directories outside of a root folder.
Checksums-Sha1:
81d87d57a5168200e704969a6ea6a6a656a98150 2307 commons-vfs_2.1-4+deb12u1.dsc
c0bbc09e0c32feff29bc381c0ac811582d3688e6 273272 commons-vfs_2.1.orig.tar.xz
c584ce0f10f7d0cac105c2e2add817990bcc31b3 11096 commons-vfs_2.1-4+deb12u1.debian.tar.xz
c33d9f683a6132cb027cbf3d85f578f262e8797a 15400 commons-vfs_2.1-4+deb12u1_amd64.buildinfo
Checksums-Sha256:
2d69bd534151c2855f27a8922ae44ca4b26fd43024ad66fcfee907d2f8295a3d 2307 commons-vfs_2.1-4+deb12u1.dsc
0a7a6d2f7515241fa5622ed5227b4464e521eecfc6d3924e02f03180e8f48f52 273272 commons-vfs_2.1.orig.tar.xz
8d5b084147e3c2c558f391ed169bfe6b38f05ad3169ab7b8b841994292123021 11096 commons-vfs_2.1-4+deb12u1.debian.tar.xz
62eb483bd71710dc7293fa3c940379aeb893adc4990364f333a9d6ef321060b7 15400 commons-vfs_2.1-4+deb12u1_amd64.buildinfo
Files:
e8f04d1a80ec428287bb68466792d180 2307 java optional commons-vfs_2.1-4+deb12u1.dsc
1ce77297ad403b477dafd27caf5f1ca1 273272 java optional commons-vfs_2.1.orig.tar.xz
6af0cb82a3697b1b9c13145b0c02db3d 11096 java optional commons-vfs_2.1-4+deb12u1.debian.tar.xz
f898a89e9a819520d96af1ec4c1b114c 15400 java optional commons-vfs_2.1-4+deb12u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEvu1N7VVEpMA+KD3HS80FZ8KW0F0FAmh4yF8ACgkQS80FZ8KW
0F1rBg/9EvLFobDq08vhetUsQ4fgluGcBmT8A2EyFpaOIkYECVrUp6fshvXjzirw
aKqYFoDJzWsXmfHsglyjQRxlBYJMXokiae2Ks4DJ0nXYpZdGr1B0r5J2aqMzKsGn
arIIMYC9pTz9UJCwmcwD5ZoiTmAZa5OebTDJhgZnIbY/CqzqoeY28lxZmbi6MO+w
d2nhInlyxBWmnyeBP1JOHHCkkJzj0O4Ndi400rnQ/EI9tlHUsaNSEFMuuo8GNGKc
GR8m4tPFyj+tBouGhdx44C8Dg5RaFi3KBaWKrQYcEO2j3f6b1rgtaSJZSmZRIlXV
qtd1JP7TtF/ngyXLGlF6N2SHe2P0MQ0tFpE5J+iZMZRfyTCZgS4DfQ95jmXSHz5r
LJkCj3/rsPX7Scu8F3UWazu2BicnG50o5vLEHWVxaqzHNvnOVNM57e7+E11+Kf9N
1zTuQCMh5a3Oo2r3NQeWDDTw6KJsydVq+9St85PidesJTt7RfoyFutyNVawwBwg5
X6LP+8R05XYUfv+yRtt7H7gSzZQD4LOXCd+XB/sladt1iBoUFed+mPfr4wk2nwyg
TF3D8cMuO+tcI/+4kEme4ZBaIIujVCz02UZefk0001u3of5jlW4ukTISeUbBBUh6
6eg1h5O9G70yozn2AbY5Kb7fC/1toYsZNVhlEGsuHKz+SV1gdqM=
=2fJc
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-maintainers/attachments/20250717/0d0f3ca0/attachment.sig>
More information about the pkg-java-maintainers
mailing list