Format: 1.8
Date: Tue, 18 Oct 2022 18:25:14 CEST
Source: bcel
Architecture: source
Version: 6.2-1+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Changes:
 bcel (6.2-1+deb10u1) buster-security; urgency=high
 .
   * Team upload.
   * Fix CVE-2022-34169:
     The Apache Xalan Java XSLT library is vulnerable to an integer truncation
     issue when processing malicious XSLT stylesheets. This can be used to
     corrupt Java class files generated by the internal XSLTC compiler and
     execute arbitrary Java bytecode. In Debian the vulnerable code is in the
     bcel source package.