Format: 1.8
Date: Thu, 03 Apr 2025 03:38:38 +0200
Source: commons-vfs
Architecture: source
Version: 2.1-5
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Closes: 1101204
Changes:
 commons-vfs (2.1-5) unstable; urgency=medium
 .
   * Team upload.
   * Declare compliance with Debian Policy 4.7.2.
   * Force at least a Java 8 build to fix CVE-2025-27553.
   * Fix CVE-2025-27553: (Closes: #1101204)
     Arnout Engelen discovered a Relative Path Traversal vulnerability in
     Commons VFS, a Java library that provides a single API for accessing
     various different file systems. A local or remote attacker may use this
     flaw to access files and directories outside of a root folder.