-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 13 Jul 2019 16:23:23 -0400 Source: libspring-java Binary: libspring-core-java libspring-beans-java libspring-aop-java libspring-context-java libspring-context-support-java libspring-web-java libspring-web-servlet-java libspring-web-portlet-java libspring-test-java libspring-transaction-java libspring-jdbc-java libspring-jms-java libspring-orm-java libspring-expression-java libspring-oxm-java libspring-instrument-java Architecture: source all Version: 3.0.6.RELEASE-17+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Roberto C. Sanchez <roberto@debian.org> Description: libspring-aop-java - modular Java/J2EE application framework - AOP libspring-beans-java - modular Java/J2EE application framework - Beans libspring-context-java - modular Java/J2EE application framework - Context libspring-context-support-java - modular Java/J2EE application framework - Context Support libspring-core-java - modular Java/J2EE application framework - Core libspring-expression-java - modular Java/J2EE application framework - Expression language libspring-instrument-java - modular Java/J2EE application framework - Instrumentation libspring-jdbc-java - modular Java/J2EE application framework - JDBC tools libspring-jms-java - modular Java/J2EE application framework - JMS tools libspring-orm-java - modular Java/J2EE application framework - ORM tools libspring-oxm-java - modular Java/J2EE application framework - Object/XML Mapping libspring-test-java - modular Java/J2EE application framework - Test helpers libspring-transaction-java - modular Java/J2EE application framework - transaction libspring-web-java - modular Java/J2EE application framework - Web libspring-web-portlet-java - modular Java/J2EE application framework - Portlet MVC libspring-web-servlet-java - modular Java/J2EE application framework - Web Portlet Closes: 760733 769698 796137 849167 Changes: libspring-java (3.0.6.RELEASE-17+deb8u1) jessie-security; urgency=high . * Non-maintainer upload by the LTS Team. * Modify build path to include tomcat8-util.jar (now required as of tomcat8 8.0.14-1+deb8u4). * CVE-2014-3578: Fix directory traversal vulnerability that allows remote attackers to read arbitrary files via a crafted URL. (Closes: #760733) * CVE-2014-3625: Fix directory traversal vulnerability that allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling. (Closes: #769698) * CVE-2015-3192: Fix improper processing of inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file. (Closes: #796137) * CVE-2015-5211: Fix Reflected File Download (RFD) attack vulnerability, which allows a malicious user to craft a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response. * CVE-2016-9878: Fix improper path sanitization in ResourceServlet, which allows directory traversal attacks. (Closes: #849167) Checksums-Sha1: 8b9712f8697f59e100891332d7f9dd613d9c519d 4571 libspring-java_3.0.6.RELEASE-17+deb8u1.dsc 54681c810cb8d918b54ab430441958a84c6440a9 11192531 libspring-java_3.0.6.RELEASE.orig.tar.gz 2c030b07009361c779a87fb79e154b95f8ec4497 36604 libspring-java_3.0.6.RELEASE-17+deb8u1.debian.tar.xz 17e30ae793a5b9b46c776d85251a708c55113296 365356 libspring-core-java_3.0.6.RELEASE-17+deb8u1_all.deb c2694f77eb8b83b49c092aebd0cb234e62d02e8f 517658 libspring-beans-java_3.0.6.RELEASE-17+deb8u1_all.deb 1513d2f5a727be0c6319addca415956beea7772b 328068 libspring-aop-java_3.0.6.RELEASE-17+deb8u1_all.deb ba3754c9f2f63ec8f4b79a50dfc0e9c67a4c2c6e 591244 libspring-context-java_3.0.6.RELEASE-17+deb8u1_all.deb 305e4f9fd4fa76f15a1c52a4a5ec3a6049057db0 114292 libspring-context-support-java_3.0.6.RELEASE-17+deb8u1_all.deb 27cd9fee386c4e4a88c3f046b8a21cd296c4b2af 374696 libspring-web-java_3.0.6.RELEASE-17+deb8u1_all.deb c238ede36fa353cd4cec319777771ece44b0dbe8 399142 libspring-web-servlet-java_3.0.6.RELEASE-17+deb8u1_all.deb 4631613939220414753eac3547e5bba1cdefcfa9 180610 libspring-web-portlet-java_3.0.6.RELEASE-17+deb8u1_all.deb c9af5b1643b604ca72c2b68b429af9673e77edb9 204958 libspring-test-java_3.0.6.RELEASE-17+deb8u1_all.deb 97728d027a50adfafa4fcc2d8f817c7fbc1b4616 212336 libspring-transaction-java_3.0.6.RELEASE-17+deb8u1_all.deb 0349b983af56170a083e7ceb667b007b3296fe4c 357550 libspring-jdbc-java_3.0.6.RELEASE-17+deb8u1_all.deb 3d17aa109a5f84e1d80f06a8719554ba98c94628 187038 libspring-jms-java_3.0.6.RELEASE-17+deb8u1_all.deb 39f00e9f07167353458ee99a878abb54c0c6c4af 316000 libspring-orm-java_3.0.6.RELEASE-17+deb8u1_all.deb 17823a2d915dbd8bbb7bc63036f90f4253b0b902 177314 libspring-expression-java_3.0.6.RELEASE-17+deb8u1_all.deb 8216619fd9abc3df02294dda896ffce3e9800406 81988 libspring-oxm-java_3.0.6.RELEASE-17+deb8u1_all.deb 0032114aeaf0cd2265b166098452f611e18170af 31290 libspring-instrument-java_3.0.6.RELEASE-17+deb8u1_all.deb Checksums-Sha256: fa38b2e7c435237e52a33b49bcc6bdf7f07599c151b9aba88d7d11a3943a43b8 4571 libspring-java_3.0.6.RELEASE-17+deb8u1.dsc 694c3efc4b4b0730c596b90a14a8e14e1a5d5be065f38a35c3e2e86c50dab04f 11192531 libspring-java_3.0.6.RELEASE.orig.tar.gz d39293faf74662ebd33a4ec226ce4b34f7ecd2ac3bd8ddddb9ddf22e17b638f9 36604 libspring-java_3.0.6.RELEASE-17+deb8u1.debian.tar.xz 4f09e28978869b9fcb5e8dc61c279d0f774438cd2d90ceb01336902198f17f89 365356 libspring-core-java_3.0.6.RELEASE-17+deb8u1_all.deb 5b76a00943054580feeea4785e7441020245202ffc64cd239355387e2342f7c6 517658 libspring-beans-java_3.0.6.RELEASE-17+deb8u1_all.deb 1e1ace34dd9c97402b181d8ed90438b4b2635e1c539004cf8910448cb523a242 328068 libspring-aop-java_3.0.6.RELEASE-17+deb8u1_all.deb 2dd9e12708ecb39a9e85eed4c6cc4776f225bd45cac93ddcd604023d64372232 591244 libspring-context-java_3.0.6.RELEASE-17+deb8u1_all.deb d531cfb9afc57a0f71d0a3a4f1da4e7a1ef558fa70e4a01af7829db9a27d2b8b 114292 libspring-context-support-java_3.0.6.RELEASE-17+deb8u1_all.deb 12348b5cb585dacfe709540f227b27cc3f68f564d35f2b923c5f3bd1fabdacab 374696 libspring-web-java_3.0.6.RELEASE-17+deb8u1_all.deb 61f80e42c2fea3e2c701d1535ede1216cdb6c8a3705e0972293c80bcdb388f0b 399142 libspring-web-servlet-java_3.0.6.RELEASE-17+deb8u1_all.deb 290923add9deef4eabe8f1434164013e14c41e103df9079eff50c9bae8e4a6f6 180610 libspring-web-portlet-java_3.0.6.RELEASE-17+deb8u1_all.deb d8bbca5148636eb3cc615fb322c4af5aa29a42ed21a588dfcca2a0f345ff591c 204958 libspring-test-java_3.0.6.RELEASE-17+deb8u1_all.deb b41759d5bfaf832ed50fc1a9181f8e01731f05757051be0c26fadd655257441b 212336 libspring-transaction-java_3.0.6.RELEASE-17+deb8u1_all.deb 0c8285aba2c940f749259216f2ff85902a39a3ab10d27b8691d2921396d611fa 357550 libspring-jdbc-java_3.0.6.RELEASE-17+deb8u1_all.deb 83674377a7dec2f24f3013de2667eb5bad8980494a78d99b7051f73f374c6db2 187038 libspring-jms-java_3.0.6.RELEASE-17+deb8u1_all.deb df6f62e1e8aba426f16169f558db07886ae3a4fe125ca0d3ad526e44ff60398c 316000 libspring-orm-java_3.0.6.RELEASE-17+deb8u1_all.deb dc067ebccc0232e8141a2ca4261b5bc21b974cbb78d961dca015e8f76815312a 177314 libspring-expression-java_3.0.6.RELEASE-17+deb8u1_all.deb 7eb2364e36229795f1c4fd062f55f01186a1783ab8c603f169c55e112a603ac0 81988 libspring-oxm-java_3.0.6.RELEASE-17+deb8u1_all.deb da205ded1f5b6371183d87d66c759044bc791b8ed120c8e3c1121dd48a0a215f 31290 libspring-instrument-java_3.0.6.RELEASE-17+deb8u1_all.deb Files: a58cd2b60081d943a8616723014e7d7a 4571 java extra libspring-java_3.0.6.RELEASE-17+deb8u1.dsc 94d0061e56d508cb9f935a6602ac5447 11192531 java extra libspring-java_3.0.6.RELEASE.orig.tar.gz 9337ce259558cc9790e758dff7bccf64 36604 java extra libspring-java_3.0.6.RELEASE-17+deb8u1.debian.tar.xz 316732ffbab93791285fc21ad10ab4d0 365356 java extra libspring-core-java_3.0.6.RELEASE-17+deb8u1_all.deb 5166e90dffbb902ef5f320bf017718f7 517658 java extra libspring-beans-java_3.0.6.RELEASE-17+deb8u1_all.deb 20a320faf7712dd83654a0d79fe103da 328068 java extra libspring-aop-java_3.0.6.RELEASE-17+deb8u1_all.deb 707faf1b9c1d01397ebb4c399dcf6ccf 591244 java extra libspring-context-java_3.0.6.RELEASE-17+deb8u1_all.deb 5513b67874d7f00c263340a885e1dda6 114292 java extra libspring-context-support-java_3.0.6.RELEASE-17+deb8u1_all.deb a8d8484b75b9a2090a859876e6bbaf50 374696 java extra libspring-web-java_3.0.6.RELEASE-17+deb8u1_all.deb 878ac1c07e6f70a2f0b58a663cbdeedc 399142 java extra libspring-web-servlet-java_3.0.6.RELEASE-17+deb8u1_all.deb 9659365a57237ab3a62540e2eed1ec09 180610 java extra libspring-web-portlet-java_3.0.6.RELEASE-17+deb8u1_all.deb e0cf0dc5def033477f5fa6bc17c96ea4 204958 java extra libspring-test-java_3.0.6.RELEASE-17+deb8u1_all.deb a84fa8f2cea84a59e1af8810d04c41e0 212336 java extra libspring-transaction-java_3.0.6.RELEASE-17+deb8u1_all.deb 744f5b684eb402591b9052b0a503c26d 357550 java extra libspring-jdbc-java_3.0.6.RELEASE-17+deb8u1_all.deb 208df94fdbb79df25b79155923621757 187038 java extra libspring-jms-java_3.0.6.RELEASE-17+deb8u1_all.deb 1a2696807b86f7e52f4f39e810d9964b 316000 java extra libspring-orm-java_3.0.6.RELEASE-17+deb8u1_all.deb 78ae57f5c2e779c8de7d0fa811ff5aba 177314 java extra libspring-expression-java_3.0.6.RELEASE-17+deb8u1_all.deb 2455bdd847cb3311d3a238a607a6f8b2 81988 java extra libspring-oxm-java_3.0.6.RELEASE-17+deb8u1_all.deb 25d572ef74a8f50554a7ed7c652fb95b 31290 java extra libspring-instrument-java_3.0.6.RELEASE-17+deb8u1_all.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEIYZ1DR4ae5UL01q7ldFmTdL1kUIFAl0qRBkACgkQldFmTdL1 kULPpg/+PFDzq4V/kRVuI42/oYuUMlkkXMvAQU3HGHFwJZOhomTbRuRHWjVBTYtP 5tlo6rCXL96VVXQW/lSFBfNdAgBdSyHVI7pwMEoYZVxezvamthAl5qf6ZiE5MQhR lW+38muTD8ZHYy6LswhgpI6WxTC2ljBsozcadP35ICNCFHSL1EOurihXo1t8Tr6P G7kOh2Rmv90Z9nbIpTm/u72amOfTezYqNk0ZexSvzTkBW7rarwiYeh84E7Z8Lfnx nBTo4CZB6xm9aIvjJLHYgelK1sM5H7Mj0voqtvNcsOK/JoxmI/RKM94sM7fa1VZ3 28VsEXtXLi3QfPoNyfCuj+UtWQD5VhPF9QxmakWHlx+Ao9rGfueghXKBFpNclADm 7UZR/Nx2OpSeyCIJMnbnkU8Ft25vqzZoLhBQV9i5mwHdvGDKGpw0fH+wkKfVlwOu i06wzpGhoMIlDTPpcmhN/z0T6itKHNDnVfilLxMvQTZ0fig/aBg6zmq7cXPc8ws1 p0kv+SsmjMrG2xBvDsgOPseSrpN53R9kRPtUSLPRMkdJtX1XavVIn2DWzCIwqMKV joHpRF+B/d+TIZjEbcFsRrwhLczoaDHrCJGBxHWjJf1al0pLuDVrR7q2wmC0TgPO CtFOESjgpa3/dTHbwhZzJqak8PO3wE9XFwQHStGaQXZjBbOIB0c= =or7I -----END PGP SIGNATURE-----