mina2_2.2.1-4_source.changes ACCEPTED into unstable
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Tue Jul 22 10:49:00 BST 2025
Thank you for your contribution to Debian.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 15 Jul 2025 23:47:20 +0200
Source: mina2
Architecture: source
Version: 2.2.1-4
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
Changed-By: Pierre Gruet <pgt at debian.org>
Closes: 1091530
Changes:
mina2 (2.2.1-4) unstable; urgency=medium
.
* Team upload
* Fixing CVE-2024-52046: The ObjectSerializationDecoder in Apache MINA uses
Java’s native deserialization protocol to process incoming serialized
data but lacks the necessary security checks and defenses. This
vulnerability allows attackers to exploit the deserialization process by
sending specially crafted malicious serialized data, potentially leading to
remote code execution (RCE) attacks.
Closes: #1091530
Checksums-Sha1:
0da4d640637d5c42cabc2b2c1883dc48156736fb 2189 mina2_2.2.1-4.dsc
525a8aac3c97862bc8c3ff71d38a86c825209344 21212 mina2_2.2.1-4.debian.tar.xz
54b18c999bf64bf1579892f705d6326832aa94cb 15214 mina2_2.2.1-4_amd64.buildinfo
Checksums-Sha256:
5e6af53180e548d6435ef243f10e289d5e20d18d5fb495378d23cd4fe3dd1254 2189 mina2_2.2.1-4.dsc
150c9dc97528c1f4204b8452786d8c9ee9cedd9f7caf3357150a3eb48881c7b8 21212 mina2_2.2.1-4.debian.tar.xz
7d117456845ce91a75cd074d2e370ebe4cb814b7212406ad0f34ad4fb9e41b07 15214 mina2_2.2.1-4_amd64.buildinfo
Files:
8db51ebe78141ff2a41fe655ee69d9d0 2189 java optional mina2_2.2.1-4.dsc
90f0ef17172a78d77a59f047f7c7a8cd 21212 java optional mina2_2.2.1-4.debian.tar.xz
39fc9c9bf45143559baa98ed51ceffd6 15214 java optional mina2_2.2.1-4_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEM8soQxPpC9J9y0UjYAMWptwndHYFAmh/WOEACgkQYAMWptwn
dHZfGg/9Fj0GjvHHkesC+8F0Z9LlCoF7SO8oto2A1DYMMSze56aDsiNyBtpS0qHZ
N9LIoFxbMB0M9vFCfdGuwwpuXKC71G9+osAxMfIMWi6MMjdGuSBIalYbDQ82wL8z
Wt6KJSsFZ031MgrEyvri2q+ackuox7377Q6k2ujtfGZPgAekoLSl1CQteKOPCUvo
xkXrRtSSH2AfYdiKI/AiY1UEPalnkoQoS/L7AQcSlG8H+K11w57U06Lojx29gZmL
AZZ62/dph1G22ORl0bbRAUYxLfPX673QwE0yCAZRLz69DRq6IikxPfpZcqJGbBWf
/TlZ6pMR+H6LKo3WPNNfBbu8nBykj8pB6XrG4fyRpaR8WF5ORhccIg9r9/AEbS2g
h7rwpwx413vgsRtNOjfOPpIZ3zBdbLx+O+xqwEZtSscUO79PCeITTUlgs5OlBO5g
CoPCx1MFJUXqENYWsTEWgTGch6if7HTy2xeJF4rzL/0zPeuVczs6qZ3QP+X5wtTU
oLBXHauh0Jt85mcLywtVboMXIVu0eeNIC3AoCco9d0hzXAa9baABbcADxoWR9vll
E6TvG6FAVk5ajuj0KOnvlMJTgXN5wAhxcFhcm1Lp4jHXo1znSPDXM16+NoeBXE6t
evLNe1k+npXKacv14PjKV9kXnUO4QUoashiQJgT0aZIUfpIc5EU=
=3w1w
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-maintainers/attachments/20250722/da58be3c/attachment.sig>
More information about the pkg-java-maintainers
mailing list