Format: 1.8
Date: Sun, 10 Jun 2018 16:49:48 +0200
Source: plexus-archiver
Binary: libplexus-archiver-java
Architecture: source
Version: 2.2-1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description:
 libplexus-archiver-java - Archiver plugin for the Plexus compiler system
Closes: 900953
Changes:
 plexus-archiver (2.2-1+deb9u1) stretch-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fail when trying to extract outside of dest dir (CVE-2018-1002200)
     Fixes arbitrary file write vulnerability using a specially crafted
     zip file. (Closes: #900953)