-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 07 Aug 2021 17:33:57 +0200 Source: xmlgraphics-commons Architecture: source Version: 2.4-2~deb11u1 Distribution: bullseye-security Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Markus Koschany <apo@debian.org> Closes: 984949 Changes: xmlgraphics-commons (2.4-2~deb11u1) bullseye-security; urgency=medium . * Team upload * Rebuild for bullseye-security. . xmlgraphics-commons (2.4-2) unstable; urgency=high . * Team upload. * Fix CVE-2020-11988: Apache XmlGraphics Commons is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. (Closes: #984949) Checksums-Sha1: 53608a9a0f0d5b2770983d1aefb0c5cc8c09e98a 2538 xmlgraphics-commons_2.4-2~deb11u1.dsc c60e3051743229a062c560703e591530e06bc114 1057052 xmlgraphics-commons_2.4.orig.tar.xz ad932dc92723408104a25629f63afbef381c923e 8424 xmlgraphics-commons_2.4-2~deb11u1.debian.tar.xz a2f81ce4e7c1e66f65552f2aa753076d1b52202e 13984 xmlgraphics-commons_2.4-2~deb11u1_amd64.buildinfo Checksums-Sha256: c0133622b4d5192e026ba94afba8edd46dfed6e0ec980ae8ec31c15b05b96b3f 2538 xmlgraphics-commons_2.4-2~deb11u1.dsc 4099b5520c8a8ffbe96b3947a1c8d652600b376f5a43bd1f80782b00b6360d42 1057052 xmlgraphics-commons_2.4.orig.tar.xz a8e0084702108eb6bcc0e9a1ce347160d985a02406901e691ae0cb9373390f79 8424 xmlgraphics-commons_2.4-2~deb11u1.debian.tar.xz df9963bad367ac89d2da8f6e0e4d29fef32b86f317a47270f90043a7932ffaca 13984 xmlgraphics-commons_2.4-2~deb11u1_amd64.buildinfo Files: 3580d076487fdbfb58f8c57d040c8e67 2538 java optional xmlgraphics-commons_2.4-2~deb11u1.dsc 65198c53972356174c80b118efe6b716 1057052 java optional xmlgraphics-commons_2.4.orig.tar.xz 1fe8f684e457341935f5237fbe0b047b 8424 java optional xmlgraphics-commons_2.4-2~deb11u1.debian.tar.xz 97f4ad8cf45e114468d7ae0c0441ef7b 13984 java optional xmlgraphics-commons_2.4-2~deb11u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmEOq0pfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HksrMQALUNkuEPoDE60p83gUulsCc76GrMeiTfnQvJ BlCLN2zpwYfOhCFWy29aannAZjBcarMJKnBdiQ4e9wO75oMgLw5/+ISyhlO9PrlB O+LiLyusx+8jgd1RQHdeaujPkiRN3qKLGKRQc6mw/Nz58wbKUgnUPi0wMbXzKRFw ZhejQnJ4SkkM9mtXGN/qAo1yA/uye8QtnkK92Aqw3M9Z6bP410jY6foKv5e8CTko XNGhau+2ZGj3Y5dg/pcZ2X8pac2CtrgwZNenncMKgAUMlTRlJzoNVTBxRQVMSc1K g2ygRAO9GxM4rwB57+/l1cHIfQBZBtVj3fwbo5lJaiPoay/k48kebIRypHldTOX0 iuPp1meIYhVfcynUVXTv1umC9FmQ2W9IYkb08Kaxk0ixWEn+3N7LmKQgB9wkxhR3 j9/NdAakYvAecOHEWAoRJWDHvOGrGZdXmC9K1Az4ElSbebxvN3B4wOkPMoksYRXF sJAk1eZJJpklNYByg9FmCfn0aRy1acBIxZgCbYBUcllAwsFF5dkChawMJWYx/gWl 2ERRoQDOux5Hd7vVYoTyjfMgfAcaG3+xZEBgnSZO8z3ZM7Cs1Da/xiZA8zGs41Cv nAAh/Lr4c8iWb7w5O3+5cJ3X+ExlS5v/iCUNWfsmTRVB+TjOKiM6XY27E6+gHy1f CcWsu2X9 =QumA -----END PGP SIGNATURE-----
