Format: 1.8
Date: Sat, 21 Dec 2013 22:33:27 +0100
Source: libcommons-fileupload-java
Binary: libcommons-fileupload-java libcommons-fileupload-java-doc
Architecture: source all
Version: 1.2.2-1+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description:
 libcommons-fileupload-java - File upload capability to your servlets and web applications
 libcommons-fileupload-java-doc - Javadoc API documentation for Commons FileUploads
Closes: 726601
Changes:
 libcommons-fileupload-java (1.2.2-1+deb7u1) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Add CVE-2013-2186.patch patch.
     CVE-2013-2186: Arbitrary file upload via deserialization. Properly
     validate repository in org.apache.commons.fileupload.disk.DiskFileItem.
     Thanks to Marc Deslauriers <marc.deslauriers@ubuntu.com> (Closes: #726601)
   * Add --java-lib to libcommons-fileupload-java.poms.
     In the resulting binary package the file commons-fileupload.jar in
     /usr/share/java is missing when rebuilding the package under wheezy.
     Thanks to Emmanuel Bourg <ebourg@apache.org>