Format: 1.8
Date: Mon, 02 Aug 2021 07:48:42 +0200
Source: xmlgraphics-commons
Architecture: source
Version: 2.4-2
Distribution: unstable
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Closes: 984949
Changes:
 xmlgraphics-commons (2.4-2) unstable; urgency=high
 .
   * Team upload.
   * Fix CVE-2020-11988:
     Apache XmlGraphics Commons is vulnerable to server-side request forgery,
     caused by improper input validation by the XMPParser. By using a
     specially-crafted argument, an attacker could exploit this vulnerability
     to cause the underlying server to make arbitrary GET requests.
     (Closes: #984949)