Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-lts-changes@lists.debian.org> , <dispatch@tracker.debian.org>
Subject: Accepted commons-vfs 2.1-2+deb11u1 (source) into oldstable-security
Date: Wed, 02 Apr 2025 19:20:20 +0000
Signed by: Markus Koschany <apo@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed,  2 Apr 2025 20:50:30 CEST
Source: commons-vfs
Architecture: source
Version: 2.1-2+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
 8ca9eb9772cb379d1013ca355a62582646848e3c 2711 commons-vfs_2.1-2+deb11u1.dsc
 c0bbc09e0c32feff29bc381c0ac811582d3688e6 273272 commons-vfs_2.1.orig.tar.xz
 924c15213f9fbe09b0cb3f5cc612ef89ebc18c33 11164 commons-vfs_2.1-2+deb11u1.debian.tar.xz
 9c3afee1bc2e88aac08fb44658790d9d2a8beb06 14957 commons-vfs_2.1-2+deb11u1_amd64.buildinfo
Checksums-Sha256:
 ef44191db6a9efe0300e42f55f0d1c83ffdd741728080fad9fa616c315c22675 2711 commons-vfs_2.1-2+deb11u1.dsc
 0a7a6d2f7515241fa5622ed5227b4464e521eecfc6d3924e02f03180e8f48f52 273272 commons-vfs_2.1.orig.tar.xz
 3862fb557ff5a2132e89a1e42b76e406ccb3963c74affd9b38ab0da4f4b62258 11164 commons-vfs_2.1-2+deb11u1.debian.tar.xz
 745298aafb033f017a04e2c0dc5d84aeb0bc8e62b7c3477c4d127a872a283b2b 14957 commons-vfs_2.1-2+deb11u1_amd64.buildinfo
Changes:
 commons-vfs (2.1-2+deb11u1) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2025-27553:
     Arnout Engelen discovered a Relative Path Traversal vulnerability in
     Commons VFS, a Java library that provides a single API for accessing
     various different file systems. A local or remote attacker may use this
     flaw to access files and directories outside of a root folder.
Files:
 3d18b77c9fb78cfc30deb0d217e3ee90 2711 java optional commons-vfs_2.1-2+deb11u1.dsc
 1ce77297ad403b477dafd27caf5f1ca1 273272 java optional commons-vfs_2.1.orig.tar.xz
 3f509e5d99b866b1b9ff94354f7e3db1 11164 java optional commons-vfs_2.1-2+deb11u1.debian.tar.xz
 e9b513e3a8920ab39438fcb89892c57c 14957 java optional commons-vfs_2.1-2+deb11u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmfticJfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkFXoQAIpdCLgu9basUSg5RfRdsSvS+mxUf5VBi1Qf
/9f5lRh0klO3lV+lcSVUN6dDriG26Z8nfqlY8Cley19iIXsQpJ1K1Fb0c/IA+OnM
CpOeY2qFnMdpLKZ9hYeqEaTl9zBl4EXsxtmpLNsnriTA9HNVLhUM3O8zUKNjFoA5
vfH+VIvbzZ8Yi46iwRw7yX8Bog5oD4taTbLqKef6Tiv/THR2bGIt2pQJDkmoXaCF
PZMPawWPfks6s+m6VfIS/4vr1sfkYezCpi3ALvxY+aUWu53wWTgFgIkPWIeZFuI2
ey2RZWZcRNVOypNH2Y8djqsenoa9pbgACsBskuE63TMEdFFh5cjkAqy8alD8Puct
wsiYWH/qHB6pO170fjozmrIAKTSbNepa5Zvc+y2sQgGonqsgdPpWHkCztcEGjkGq
irNClMJH4sKT+vwucEkAAx1mnNUwhopWSOchdX/YWmTc4MYnG/pzuN21XVuEYoK0
kaAjovjaEVMUAWNba6NktPIa68cz/6jpUjWMIDfuegaCpXTOw2iMdYn1OPvG9olg
6o5AtAo0WQRyxfXBGleJGHzAo8VQt3qu1DKT8+G3nviJPsRJBPl3izyDY7uHbasx
saHdT0YZNjxYzpXAvkmT59fhTOsn80d9GpXlfpOBNBe2vRlASkGJs6wq66y6+1C3
2AACDtfC
=5vmn
-----END PGP SIGNATURE-----

News for package commons-vfs