-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Fri, 07 Feb 2014 17:12:35 +0100 Source: libcommons-fileupload-java Binary: libcommons-fileupload-java libcommons-fileupload-java-doc Architecture: source all Version: 1.2.2-1+deb6u2 Distribution: squeeze-security Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Emmanuel Bourg <ebourg@apache.org> Description: libcommons-fileupload-java - File upload capability to your servlets and web applications libcommons-fileupload-java-doc - Javadoc API documentation for Commons FileUploads Changes: libcommons-fileupload-java (1.2.2-1+deb6u2) squeeze-security; urgency=high . * Team upload. * Fix CVE-2014-0050: Specially crafted input can trigger an infinite loop if the buffer used by the MultipartStream is not big enough. When constructing MultipartStream enforce the requirements for buffer size by throwing an IllegalArgumentException if the requested buffer size is too small. This prevents the DoS. * Enable the unit tests Checksums-Sha1: e9de424554b69c030387f1e34242057dda45fc60 1981 libcommons-fileupload-java_1.2.2-1+deb6u2.dsc 6ec5a162d5c120916559755990e619a9d106cd75 9551 libcommons-fileupload-java_1.2.2-1+deb6u2.debian.tar.gz 8f6286f7f0153b165ecbeabe7f95ab0cd72a40db 55570 libcommons-fileupload-java_1.2.2-1+deb6u2_all.deb 34ca54d4f75615193b7ca29468907ca1a1d5a131 112124 libcommons-fileupload-java-doc_1.2.2-1+deb6u2_all.deb Checksums-Sha256: f674ddb438a8a92463e9ede2f56d1773a80ad730ac70f21c9ed4a397b36b6c44 1981 libcommons-fileupload-java_1.2.2-1+deb6u2.dsc 701993d92c0efa720971f0352068fbe78f7efe6ce9665c8fb06c61a4338a2486 9551 libcommons-fileupload-java_1.2.2-1+deb6u2.debian.tar.gz 50a042878083c20922c3ab2f2e807de6d04860e1f667dd55bee59ac09b9ad656 55570 libcommons-fileupload-java_1.2.2-1+deb6u2_all.deb 1518be94ae5f82efcde6f15fa970435ed89540d3dcc07517e5c69962cb1c77b1 112124 libcommons-fileupload-java-doc_1.2.2-1+deb6u2_all.deb Files: 89110e5afc4176407e1d2a7ce10dd2e7 1981 java optional libcommons-fileupload-java_1.2.2-1+deb6u2.dsc 2a01eaddece4e66386a4cb08d04c498e 9551 java optional libcommons-fileupload-java_1.2.2-1+deb6u2.debian.tar.gz ac575de41261c7e15feabd37e928a715 55570 java optional libcommons-fileupload-java_1.2.2-1+deb6u2_all.deb 7ed1eb427608cd017ddd78d1d9c578b4 112124 doc optional libcommons-fileupload-java-doc_1.2.2-1+deb6u2_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJS9TKEAAoJEL97/wQC1SS+ygkH/igVk1nMsrx4tB3eAiiCProl OGGPBZJpF2DsWU7ttjStaoJNig/lt40FvTPR/810GtK7wBcqeR1lJIG04zr6lQfu ouZH5MlfpVb0lsIWAmemhW13RVBSHNzyGoNozfopX4edz5q+m22QAzMJJLw3CxNL i6g1ktHJfSxUecy2rdb4fFHUWoHzlwHQVIxTKTJ4kbad30hPROfzs7CsEGn4lY1j ATeZ4SgIZQ/0wuiOSL+FEUjLh6D9jmH7b9DXdPXV/sst7BkUpiC+mX9nLX5PlhtR ToAzsHL+9dgJJcjzp9pSjSMPnde3kzWlGtX1N0KLVc2oys7J+P9TAHdnkPiirUs= =pEKL -----END PGP SIGNATURE-----