Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-lts-changes@lists.debian.org> , <dispatch@tracker.debian.org>
Subject: Accepted maven-shared-utils 3.0.0-1+deb9u1 (source) into oldoldstable
Date: Sun, 26 Jun 2022 19:10:12 +0000
Signed by: Markus Koschany <apo@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 26 Jun 2022 20:53:36 CEST
Source: maven-shared-utils
Binary: libmaven-shared-utils-java libmaven-shared-utils-java-doc
Architecture: source
Version: 3.0.0-1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libmaven-shared-utils-java - Replacement for plexus-utils in Maven
 libmaven-shared-utils-java-doc - Replacement for plexus-utils in Maven (documentation)
Checksums-Sha1:
 fb53c1f01ca4a6cbf9e41c4e44e4627d43ac0cab 2579 maven-shared-utils_3.0.0-1+deb9u1.dsc
 0c4f2ca8ba0fccd26ad207cf8623bb3cc6202658 117160 maven-shared-utils_3.0.0.orig.tar.xz
 5a69117af02c979e261849c00103c860ef8dbb93 5872 maven-shared-utils_3.0.0-1+deb9u1.debian.tar.xz
 7b8b1a3d2c63b5f58e717376c53ef70cb222a10a 16278 maven-shared-utils_3.0.0-1+deb9u1_amd64.buildinfo
Checksums-Sha256:
 dbb2bfe08a4b255f2d9711835e970b5954c2cf5e2aca8c2457ade98274de360a 2579 maven-shared-utils_3.0.0-1+deb9u1.dsc
 bfc0a4df7a77dbc7f76829fd17e6ac532cd086a5b2f1d84a25a7fcbcb147ea9c 117160 maven-shared-utils_3.0.0.orig.tar.xz
 8c804348a3a813c19baca3c798772c91b05fcba95502d23e94920cf37b4429c2 5872 maven-shared-utils_3.0.0-1+deb9u1.debian.tar.xz
 0608270a15c02868ac3a48fc263d5186517bbcfd83d15d3efd3f27fc7f8308df 16278 maven-shared-utils_3.0.0-1+deb9u1_amd64.buildinfo
Changes:
 maven-shared-utils (3.0.0-1+deb9u1) stretch-security; urgency=high
 .
   * Team upload.
   * Fix CVE-2022-29599: Apache Maven maven-shared-utils,
     the Commandline class can emit double-quoted strings without proper
     escaping, allowing shell injection attacks.
Files:
 dc8fcce73678edfbf59f29182562bdd4 2579 java optional maven-shared-utils_3.0.0-1+deb9u1.dsc
 51edf3ef9dc9c9068a8ebb1768e257ca 117160 java optional maven-shared-utils_3.0.0.orig.tar.xz
 eb0796ac988197ec85fd92994f3ce2f2 5872 java optional maven-shared-utils_3.0.0-1+deb9u1.debian.tar.xz
 5c843546d203e0c7cbdaf7af08c790bb 16278 java optional maven-shared-utils_3.0.0-1+deb9u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmK4qzxfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HktwcP+wfjpqJvPpFnyg88+rLmHuJCs/toS/rng9yu
TXpXOnVZX8CCfoXDqW7oDQQojsuWc2DO0Ghg17NLhsQ+5msEJL9sT5joU9VdKUlG
p+RfS3V51AktOUzirTjfFODUSlJ70VHWejO+qE9OzYeIR84LKNCxVu9s8Fx3WoKj
m1AwjHDcPop7cYHxcZ7lRFLEMkdIy6ftNBpo5bWbwzzUsNmtwdYF/xkM1dmsqAw/
FAHI6ki8inC05tBkGEA0teDRCs4aZyUp1Tcq4do2cKZXQKONlV34dKXky4jGLq0r
xWblxc+GbMDJhQaPnqFnch0QuMKsbCNxyKXo7dRsVA8o8n898jzgl5NbSE8K9Ydm
c7qxHd+4yp3IUyprDtvMVoOHrNF+SspjxL5MJH0RsB9kKgqFrer4LW6C44BR83t3
vjW/MuKQ/cu4XWzaqBhkK0u2eNxSNvsqZUTGi7Fn0AjseNubDJRa/bC3rIhzdtUJ
2t41UeSTD0Ej9F0UzOj6M+5kmD7SnG2mAPKkHsPsa1EQDtnFWb9CQ9RDmzl+WP76
nJw6cW1MPg97GaGysxkkqmIbNBCy0GGute4uCbz7h5lzfpkHww6s2081UHFEqvKV
7/oB3ZY+yGN7KDLvU2hTtCKLRxGoY3gx8ImHBSoaYSl9/ynVsICgTY8cF22hqT2n
/U7jWcVd
=mNqs
-----END PGP SIGNATURE-----

News for package maven-shared-utils