-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 29 Dec 2022 21:37:41 CET Source: libcommons-net-java Architecture: source Version: 3.6-1+deb11u1 Distribution: bullseye-security Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Markus Koschany <apo@debian.org> Checksums-Sha1: 0e4c9c020e383167ae541efdab59807ff95d067a 2581 libcommons-net-java_3.6-1+deb11u1.dsc 9b066020b18f28f8d19c698690ac583ddd47c97e 7068 libcommons-net-java_3.6-1+deb11u1.debian.tar.xz 763e0af5854e58b70011acaba89ada2459f77d7a 14481 libcommons-net-java_3.6-1+deb11u1_amd64.buildinfo Checksums-Sha256: 50b200893ccc0eb72df9c06493a3cce8aee8fbcef05d8abd2e9a49f10fc7ad1c 2581 libcommons-net-java_3.6-1+deb11u1.dsc b34a957475c4d76b7585a0181e1141a9f807609f990a095674e5788ea28064ad 7068 libcommons-net-java_3.6-1+deb11u1.debian.tar.xz a62537fc2b6d8ca133dd3e3fd59e47af75bc406e4ecd74f83bcdfd1962667bb8 14481 libcommons-net-java_3.6-1+deb11u1_amd64.buildinfo Closes: 1025910 Changes: libcommons-net-java (3.6-1+deb11u1) bullseye-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2021-37533: ZeddYu Lu discovered that the FTP client of Apache Commons Net, a Java client API for basic Internet protocols, trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. (Closes: #1025910) Files: d7f58811f0534c249991b366b2bbca4e 2581 java optional libcommons-net-java_3.6-1+deb11u1.dsc ab5bfeb84fc1c36bc2d44b82d1403d70 7068 java optional libcommons-net-java_3.6-1+deb11u1.debian.tar.xz d0fd06a427f7c18bca9e2d92dceace4b 14481 java optional libcommons-net-java_3.6-1+deb11u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmOt+ppfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkLwYP/Rbqr97ZvrDy+Cm79yEX9ysWwVpxBRCrVuNP Dt0WL+WveBJIwDjqNYH/JXj1xoyvsPjD8m7cv3zh53PPXcWBHDTEDNtVcnMdsbTv NKbQDECLaxudln6K/w1rYxLvC4kWy6UdvY/w/F76ys3UBk2w0cqWv55oQCNqlYgM ggdy6f73hHn5VD1ZU6ongg7TZBEbhoh5il9N7soK0ZZzssA9v+8aGXJ8lIkimXs5 fa5DCz1BZ33z81ETNOa5ckYf/iyxl9wFxDzblxXOKDp5iTSLMWDsbSdMTKz3MPVE xCl00P3K4W72Dp6hG6Nm3s9A3FBOp05iq/0l36FSKmuCErXsx4CVLbUfUbtwsxwW 5z6qTU5WmV86DoZvIVOJi3GL4ydZT6Oz1YhKVdMpH7dF0t40KG3kmaUpPg5mU993 6xR7kyiqkJ+pf/dQzoE0qWbpITdkMdu5Sp+jU6wJdRK+4cWBTXPrmTel+yFWlNWw h8uLcjB6QSUhAk8VmGW7zqM6gz6qGSAIvJNudt6j8QfGDRixtBkr+JA+eV0D6fgo wr/Inz5XLk+NdeB9YRfKlYIVqwlwhMS7umahXFUn7B7GY0l6zUDKKMfL5omVM3QL zQA/xMln5ew8deoOW/O8G0srT42Uj2Q0x2A1FhYmLCTroX5R90H6QDbFSP/4TNr8 8kSXgGw2 =yNYK -----END PGP SIGNATURE-----