-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 21 Dec 2013 11:12:53 +0100 Source: libcommons-fileupload-java Binary: libcommons-fileupload-java libcommons-fileupload-java-doc Architecture: source all Version: 1.2.2-1+deb6u1 Distribution: squeeze-security Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Salvatore Bonaccorso <carnil@debian.org> Description: libcommons-fileupload-java - File upload capability to your servlets and web applications libcommons-fileupload-java-doc - Javadoc API documentation for Commons FileUploads Closes: 726601 Changes: libcommons-fileupload-java (1.2.2-1+deb6u1) squeeze-security; urgency=high . * Non-maintainer upload by the Security Team. * Add CVE-2013-2186.patch patch. CVE-2013-2186: Arbitrary file upload via deserialization. Properly validate repository in org.apache.commons.fileupload.disk.DiskFileItem. Thanks to Marc Deslauriers <marc.deslauriers@ubuntu.com> (Closes: #726601) Checksums-Sha1: 0659ff3343c66ffb693b10cb70ad5678a4388c0d 2329 libcommons-fileupload-java_1.2.2-1+deb6u1.dsc eac68561ffaa7412613458d5ac2d25d632f290bf 123220 libcommons-fileupload-java_1.2.2.orig.tar.gz 64ab16a040ce46ffcd20b840f3148453cb0296f2 6215 libcommons-fileupload-java_1.2.2-1+deb6u1.debian.tar.gz e6224adfd35436e38e70b7fd96f5fae1687704ae 53326 libcommons-fileupload-java_1.2.2-1+deb6u1_all.deb b8a3c68c840f691dc4246d9cad71e93b4f2c4a14 117858 libcommons-fileupload-java-doc_1.2.2-1+deb6u1_all.deb Checksums-Sha256: e9739c0f98381da0f66107731b59c21c818e5232f8e4b302e7da83936eac196b 2329 libcommons-fileupload-java_1.2.2-1+deb6u1.dsc 2f994b054b6514edd8d1bfe239db1dae5b7e581554d7c027c09d1b3afd832738 123220 libcommons-fileupload-java_1.2.2.orig.tar.gz eff51def523abb7c4081c66cd8b923989759c2fa6a99ab0c85e6ca723ddb8dd1 6215 libcommons-fileupload-java_1.2.2-1+deb6u1.debian.tar.gz 1694c7eb43ab507b9264b810526660ff619f768b2e19bc439b9a8e7d8a918b43 53326 libcommons-fileupload-java_1.2.2-1+deb6u1_all.deb 0b9a7b5f826e7ac40f9a78f1e3da215e35428e97d4160721d55ae40ad9f217b3 117858 libcommons-fileupload-java-doc_1.2.2-1+deb6u1_all.deb Files: 78dc4736bfd2e390566a871547e12360 2329 java optional libcommons-fileupload-java_1.2.2-1+deb6u1.dsc 9ec666ec10b4ffbc3b97a841dfd2c1d8 123220 java optional libcommons-fileupload-java_1.2.2.orig.tar.gz cafd1d184acdd1a93d441a48bf129574 6215 java optional libcommons-fileupload-java_1.2.2-1+deb6u1.debian.tar.gz d26f85e168f650357f07d97c46d9e721 53326 java optional libcommons-fileupload-java_1.2.2-1+deb6u1_all.deb e8affd66f1235ca95cbbf8bf6f54db1b 117858 doc optional libcommons-fileupload-java-doc_1.2.2-1+deb6u1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCgAGBQJStggEAAoJEAVMuPMTQ89EchoP/0Kyu7m3q6v5G/WXRH6FbiN6 hr8jxsRjL4jkOFnTEKEOfjAl6NTmALu/VmZtlap9Rtq2UbKSS1N65gbhFsxlkZZr 36AtAsAZzTegSsXotmWKzczJrgjnQbS9mguNjugWr+rHu8ZZey6frTA3/3ZJsJ14 JrEIldB2HzwDnUeiHgTxbs5gb9vMih6h5UPiAKNP6PRS4UNlq8gAJfxg8ugrulGI hS19RMJ7fw8kYgNUY+7b72jvnl+rdQ/5LlswU86EHFOMCgdXxDd/5U5KqPdsTJkP 4HZxOkfG1duNfxu9J9Daptx9YopZPLBgFIBld71LiFFKN+P26vv/y3MsmfGOfqp2 NqkE5XnJ5M3rDighxjl/9O6X9a2oo9Io4Z+OqJchiCDz0DH59TKQ4aYCXpX+aHvJ aVD/FOfqEiHCqj5I443HJy0dMA6rQKKdn6ZvXdrRzmUtPQ2oneFnzxckNN7J5waM qB5hDMKL15PMWDCqqBuOejjOEFbHmRo3tSdTZkdVi2i3BvhiIBl2+sIGmxKonrXF o5Fk/bHI2WKXgouzdru8hhIPO5c3if0+vbfCGxC17SK3bkXP+h92izAtNcKFquFa 9rg045HWJiUBo1W9kvQRDe8UbL1ekyLlyGK/UArCLDK/WH4IQXypSCLYWI6bs5Rv M5G7YMJR8WEOt7Iv7GS4 =o8c/ -----END PGP SIGNATURE-----