-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 18 Oct 2022 17:41:54 CEST Source: bcel Architecture: source Version: 6.5.0-1+deb11u1 Distribution: bullseye-security Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Markus Koschany <apo@debian.org> Checksums-Sha1: 6d552599a48cfeb3c74e92bcdd5cd7c92b665f56 2354 bcel_6.5.0-1+deb11u1.dsc da213005869e74facf518ba22967b047ef5c00a4 707820 bcel_6.5.0.orig.tar.xz 76ffc1c948f33c11161cf689230bba73679c645d 7344 bcel_6.5.0-1+deb11u1.debian.tar.xz 9d524fd968b22e0ee1819d800fbbcbb109b1f475 14297 bcel_6.5.0-1+deb11u1_amd64.buildinfo Checksums-Sha256: 59e6c71562b86c219f51c6dd8c22f486ff32b308bfd6f32215f40cb8cf18938f 2354 bcel_6.5.0-1+deb11u1.dsc 14c4489220b11643b9cdbaa8b5d0521f593d296f00aae1025ca7052cd7940422 707820 bcel_6.5.0.orig.tar.xz a90f374395757b2bd7add4b92c44e49e670bb8d7e275f44268c67e54a7b91aae 7344 bcel_6.5.0-1+deb11u1.debian.tar.xz 9ee9fe13a0b417b7951d192132ef8e1a41e6126d68367218d4ef0409b948833c 14297 bcel_6.5.0-1+deb11u1_amd64.buildinfo Closes: 1015860 Changes: bcel (6.5.0-1+deb11u1) bullseye-security; urgency=high . * Team upload. * Fix CVE-2022-34169: The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. In Debian the vulnerable code is in the bcel source package. (Closes: #1015860) Files: e1ee34343dbc98f30413a25d9daa60e0 2354 java optional bcel_6.5.0-1+deb11u1.dsc 03ca482ec9fc77fb8ab4a8c742e375fc 707820 java optional bcel_6.5.0.orig.tar.xz b3709de7be44c3affa414ecc183a8d0d 7344 java optional bcel_6.5.0-1+deb11u1.debian.tar.xz 18f2466690a8b3a4427e6938d4963de7 14297 java optional bcel_6.5.0-1+deb11u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmNOyU9fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkzVgQAMITdP932bH3TO569rSTVD+LIzYjXtADwC7j dJEvHWODyYXJWxXxGazy3n+i+guPT+gA2YHynygc0JB7hmK/hmtHNXHP+mek2BeB 96Vr96gDnKq8kkshzjsqJzPRz7ZnRfE3aAC+QOzJJEpqlisAItT/eYj8htAYim0j n78gBhXlDjEh92gfip4sll3IqJoCJpX5+Iqbks16BjUXGzYP0x6GSmYfAkSxtxfk xP8of9ci5fKyBo7VA4dT3swLRM17BhBXZhMykfKFqQsN8dtsUFz+D2UrpoYgrd5W Fjnqs3uSieLZSQUWHmveiP35u7B94pi1px2uFA98eaU3GDr73EZfzH+8q7AHLUqR 8nckvf5jZcHmw9tjJ6CdB82tn8IILyjmMJNGUyhRUdfqFR9Qj8mP76XMyZODH3Av x7+xJ2Dh3l2aFPmZ+xPn5nsoTaSRHwwR33+YpCVXU8+0bBm8aUVy/rbepbG8+ozQ g8PmYdUDEb0YrBP/sbNtaW5l7cr/mia8jmMYkw8SVkMYvlQi0aqcO6cDSYw4dCgo APG6URwb8DD5VQajJL6Bih0bkJ+GIn51LC6MIzrfwKVeR8GW9b8DXG6pkVALqWd5 QLOb22/C8l3uEWDVaGxraaNBmzpSgILLHvP1ilwUA396bTEQj+aGviRMjGCSffcY tdrvH60v =1K1V -----END PGP SIGNATURE-----