-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 30 Aug 2021 00:05:48 +0200 Source: libpdfbox2-java Architecture: source Version: 2.0.24-1 Distribution: unstable Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Markus Koschany <apo@debian.org> Closes: 991526 Changes: libpdfbox2-java (2.0.24-1) unstable; urgency=high . * New upstream version 2.0.24. - Fix CVE-2021-31811: In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions. - Fix CVE-2021-31812: In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions. (Closes: #991526) * Remove debian/gbp.conf again until we reach a consensus in Debian how to maintain Git repositories. * Declare compliance with Debian Policy 4.6.0. Checksums-Sha1: 72f11ffdf71367b6c935ef3d9e47560ef8f74490 2560 libpdfbox2-java_2.0.24-1.dsc 9c4e9be56f4cee564eb4ea5fd5a3527dce2edf10 10258128 libpdfbox2-java_2.0.24.orig.tar.xz ec01214fa39c9c417f8072280a62e9279a3f1965 10148 libpdfbox2-java_2.0.24-1.debian.tar.xz a10786a7bb722d145010e79853ff983bced08a41 16159 libpdfbox2-java_2.0.24-1_amd64.buildinfo Checksums-Sha256: d00ef6506a05e07efcb29465707896cc306e9a0006f3458cb60b0273f942d842 2560 libpdfbox2-java_2.0.24-1.dsc 68f66ddb789564a7f99be32556fc0b69dec7a760a0e83ce520a39684436de602 10258128 libpdfbox2-java_2.0.24.orig.tar.xz 634c771d80cc58b8fe2dfc364031e3588c1ed734843f2d9878cc65025a667104 10148 libpdfbox2-java_2.0.24-1.debian.tar.xz 0bf8534401cceaddfb446beb37d3e3af708ffcb24d8e0926b4e342c34f3eea53 16159 libpdfbox2-java_2.0.24-1_amd64.buildinfo Files: bd54b7cccbccf8df2dd60441e7c4b7b5 2560 java optional libpdfbox2-java_2.0.24-1.dsc 8e21f3c9738c3ac0b5f6c00beb3c1f3a 10258128 java optional libpdfbox2-java_2.0.24.orig.tar.xz b7b965c424f8522f38f0db9990a0da63 10148 java optional libpdfbox2-java_2.0.24-1.debian.tar.xz f96d02628ab1d4e4646bf8de1eb14a1a 16159 java optional libpdfbox2-java_2.0.24-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmEsB61fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkphEQAJSIa2Vw4DWLVj1L+ag+ei8Q8W+Lm07oEPv8 AY3skFdbYG41gCSjwMrp8Kur0OdqssNHRXoPiT8aX2aS/4gVYk41SBpVm/UKUEeB AVRTHzokJmYbki3nOpKIJf+ARz0kh4k8OwHXcc4ZxPotv/7+8NFT6DzpUW0xokDE PA94SSG4X2PTlMPdmnMHqj0YXbe5nj/xG7noJWR0FyOKdWHD5WwtJdcXaIptLW3D 3YjUyoA+ocwam7u+bMqSb2w4yNsYAk2ceoEGkPp5IYkAyCGIrD/QDPU3aFC1nrRi Fo8HWGZC/zpHjiuCHCkIYJU3lvtWb+YHRcM5lWBCF9tydP4KY58RhQpC8jvTNuE7 WpexoCbiOl1qqVr10neNuqwgBaYs7/k3NgixbvcmzcLJr/AMjKKXP1EDCAT9fJGw EdNhwpuNZQasuerz3QCLIF6rb3YH+iX/xFQ8ehW5akXH0tA3X/rz98+DmzPPGMhP 9qxqiHt00P9K5U1jdez+2p5TVSfaGrOYHeElPO8YQh26d6+L4D0sM/lAEsBnYDUw Axt2uV5rrrxqodpFOsn70d0zOOFcQZJdkxQWSLQH5T1HMlux8pFGZnssosFXy065 tOc8utxRuFmNlSXLpJWZ2cwodxqklE0favVug2uDhzU8dav/MVLcl7/QpaUzXweS StuCnrzu =7N9V -----END PGP SIGNATURE-----