Accepted axis 1.4-29 (source) into unstable
- To: debian-devel-changes@lists.debian.org
- Subject: Accepted axis 1.4-29 (source) into unstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Mon, 16 Oct 2023 23:34:18 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: axis_1.4-29_source.changes
- Debian-source: axis
- Debian-suite: unstable
- Debian-version: 1.4-29
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=H0xlWNjidOvHbjSeYbTy3px97rl3hQFBACzU4d8GdcU=; b=PDTY2i3DZLeZnZ1m53qAw5hAJj N/SUYQSYR7U9h6xqGKlwJa5Qoo2YfX00/n8tWMm6Trvwbae8pBDluHiPhC1OHoMrYTaRcOCuJ1BnY zDAfPHHczvrPvBr2OpBFsnrZ/6asg8bbQDUQvDVWFt8hDburAnxYeo4Pv0ptdU6Lum+idS9hZWIpx uCejKOtUoMp5LO9VMz5eb+PxMZWtGac22Gq/XAwXssE2y7mOO6UiLqRsNpQJJHGYd1JrkWGUqo9B3 VsUIaQzQSnSDexhIZxUB1MUZqjqmStnkfAwKwq9nCTpn7ieK/78ec+cy10j+4O535DmdOcs/7pkCN bPcGxAFw==;
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1qsX6I-008DfP-3j@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 17 Oct 2023 01:00:51 +0200
Source: axis
Architecture: source
Version: 1.4-29
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Closes: 1051288
Changes:
axis (1.4-29) unstable; urgency=medium
.
* Team upload.
* Fix CVE-2023-40743:
When integrating Apache Axis 1.x in an application, it may not have been
obvious that looking up a service through "ServiceFactory.getService"
allows potentially dangerous lookup mechanisms such as LDAP. When passing
untrusted input to this API method, this could expose the application to
DoS, SSRF and even attacks leading to RCE. (Closes: #1051288)
* Switch to debhelper-compat = 13.
* Declare compliance with Debian Policy 4.6.2.
Checksums-Sha1:
718729e8c6645d6771c12fe3a816d024eab8c418 2348 axis_1.4-29.dsc
93ee10a21f31b611356dfbe57b9cb03c36c62c2c 14252 axis_1.4-29.debian.tar.xz
021eae739065cee5f174a4499165785a70907e16 10944 axis_1.4-29_amd64.buildinfo
Checksums-Sha256:
8ef6c38748a0e1e561741440f4b4b3f0b30c58fe17f4cf1c494894cd0ed1738f 2348 axis_1.4-29.dsc
30d44358d3362671355a872da5fa2648fc837d5f3114a8081487b474ccecd812 14252 axis_1.4-29.debian.tar.xz
6d9bd05a3193c5699297afe2c7a9b03b96f993680f374a1e2d652d6a81e47389 10944 axis_1.4-29_amd64.buildinfo
Files:
8fe6c3151ae3d2b7a4cbea529ea55d38 2348 java optional axis_1.4-29.dsc
3a12de65ef9c4378ddb80d8e4edfbdd0 14252 java optional axis_1.4-29.debian.tar.xz
725ad4ab4653192ac083ef602c00c15f 10944 java optional axis_1.4-29_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmUtxGNfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkkykQALRa0Pu5pYDt8ykRSMLtqB5JZJweXrhT7w1q
bstA3IVBQCh3sNKUvcUFW0kioFw/g9BTZdNbHAxB4dGirSe2AVqazY46gr4OFYHv
Jq3IeDOREphOdBVhmP2jtfi+A+oupVZ1t9qTuE9BRJwnf1ytHcEfBwp+VD5wa32k
y1laNdrl3M2OYHAyhvK4ziD/dujREktAZ7sJE0PbIJUY+XxgQbpAPn57Ae2Nc+3p
8r8SG9D7cArmdE+fhU8KgHPYBBC1U73FI5V0m9DsA+WcKMSO/QwplDabcuwRCQLa
/gf4KDA8j/isAsNAP6G/gOdq7cyAl183B6Gc26kKgHxZ869Jz4pS9zGWJlCRkXV6
J+GyF9/JBV1N3+6XRobpO5Ec7bKFlAEUUCGjXlVII8IhROsI78t5WOx7OAno8xA7
aC6oszkEd0kfenjPRUhKllqVFQc4fnydXOiaXg2VMi0aoGF+6GmC6IN4vecffuej
UUQ3U2YBiueCBJ/5XtCdmelaeqXRj11YTGiCm75ikyA/UoOfzZqe0GR1bU175uF4
bdPfSJgIVUFk1NHDoL1c7d8pcfwnXhjMxbxxL5V18gVTLjQwlrBHs4pv2Cjgni7Z
ty/y6b7Pdr7WvEkNXP5cBxbCV31x2Jy0oH3gosc8512EfCfvXe/SNsqGnqQtSw/S
1rD22O8C
=CMuA
-----END PGP SIGNATURE-----