-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 23 Sep 2022 14:28:15 +0800 Source: maven-shared-utils Architecture: source Version: 3.3.0-1+deb11u1 Distribution: bullseye-security Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Aron Xu <aron@debian.org> Closes: 1012314 Changes: maven-shared-utils (3.3.0-1+deb11u1) bullseye-security; urgency=high . * Non-maintainer upload by the Security Team. . [Markus Koschany ] * Fix CVE-2022-29599: Apache Maven maven-shared-utils, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks. (Closes: #1012314) Checksums-Sha1: bc503bf12b85f41fbe43e2dc4cde47c0f360f758 2039 maven-shared-utils_3.3.0-1+deb11u1.dsc 56d7890696c253da39ef7dc878098965ccd487c0 119656 maven-shared-utils_3.3.0.orig.tar.xz 239fc1e123f0b61cfcc8a0371b53638d7da21e52 6412 maven-shared-utils_3.3.0-1+deb11u1.debian.tar.xz 3e0ab7a5df351b63f9f45e30b513553f2d60b461 8665 maven-shared-utils_3.3.0-1+deb11u1_source.buildinfo Checksums-Sha256: 40a16a9a6aaff71977c73a56cb588a84c63456b11924c2d485a01efb6c9cbc74 2039 maven-shared-utils_3.3.0-1+deb11u1.dsc 11b00155d894a7e5f2bd4a0f81ca2b34236496019fdf9492aa458355fd16d674 119656 maven-shared-utils_3.3.0.orig.tar.xz 728d9433cc61a2980ff13f01f81234c404102d187eee4015e7acad26770a6f0c 6412 maven-shared-utils_3.3.0-1+deb11u1.debian.tar.xz 7700c9860ff9c2e0b599426c1b79e9b9eb11c2f370877bab1212e11f5a44257a 8665 maven-shared-utils_3.3.0-1+deb11u1_source.buildinfo Files: 767d924a9a8c2102bfc9e36453e14e00 2039 java optional maven-shared-utils_3.3.0-1+deb11u1.dsc e8986bb1ea7745c6bbf4dca7a2f8443a 119656 java optional maven-shared-utils_3.3.0.orig.tar.xz 7b542205305ab4f5efed4ff38caa9062 6412 java optional maven-shared-utils_3.3.0-1+deb11u1.debian.tar.xz ac3391d66b34c667d89b0de6d99d74f8 8665 java optional maven-shared-utils_3.3.0-1+deb11u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEhhz+aYQl/Bp4OTA7O1LKKgqv2VQFAmMxEhgACgkQO1LKKgqv 2VRPlAf/aLkX2JtGG5ccPHzO2SLc9KrAtYAh36q3ea3DKYn7X575Vsxx0lN4/qLT +m1x/WKk00wvbUEL/YhR8StuTedZl93uJz0GnrtHFNupyB4YjXROpkb0eZIJa7B1 /UtViR875AJxTn3y2CGvbaaUWjQfnkSu00mIc34z74aExMnDuwIDUWwM3ag5YhMt ITIJdNJoM70Lz/ohUdIjfqaAzVhEpWrfsfs9oLNQ6Xz58svKlyaJl5bc3+V9WfNi UOczmO1Fxnak9F5q3ZY1PkMjUWt/me1hk/T9jkPxLiBs8d1SXyzOvAhR48xHxlu4 K5bZ/P9S1AyqaPoQT1kd8BfZfa6y0Q== =1MxI -----END PGP SIGNATURE-----
