Accepted axis 1.4-28+deb12u1 (source) into proposed-updates
- To: debian-changes@lists.debian.org
- Subject: Accepted axis 1.4-28+deb12u1 (source) into proposed-updates
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Sun, 05 Nov 2023 17:47:08 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: axis_1.4-28+deb12u1_source.changes
- Debian-source: axis
- Debian-suite: proposed-updates
- Debian-version: 1.4-28+deb12u1
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=c4p+PE8YB05QrDPDip9rX+XUtZuRNe9CZsdWkyrblrg=; b=pKhr+VXotjaPPhLx+lYtf8lQk7 N38pAGGPFWzWjel2xT6/+gDcG+J7yuERGkwnTY8/hMtv9NYHTWbiEm5RozZDzydBC5kb6reNnQiwo 1Oo5ZPbpR2KtdSUD7bHZiWiZ7VPQp3YpuSmsYS2fvGq5nK92BNclKAlEFWiRCi4a+hkd813WM4bC0 EjPuLZBSEwqLBoMysRN5DBVDfCqGdgVeQU6OeyGPGRQIgTcsw61D1lSF7jYxsxuIxz1phOW5sDqJo QA7Qj3ZjYGAuaW97W1ZF8Rf+wPx/FjAAPiDU1qgAZB0LIGjHP1Ti71BaS3Emb6Xg/RqDdIygwrEwT VKzXzz8g==;
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1qzhDI-007Pl8-L1@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 17 Oct 2023 14:05:20 +0200
Source: axis
Architecture: source
Version: 1.4-28+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Closes: 1051288
Changes:
axis (1.4-28+deb12u1) bookworm; urgency=medium
.
* Team upload.
* Fix CVE-2023-40743:
When integrating Apache Axis 1.x in an application, it may not have been
obvious that looking up a service through "ServiceFactory.getService"
allows potentially dangerous lookup mechanisms such as LDAP. When passing
untrusted input to this API method, this could expose the application to
DoS, SSRF and even attacks leading to RCE. (Closes: #1051288)
Checksums-Sha1:
530e10161cae94d3d4d911d6a7c2a545293637d5 2375 axis_1.4-28+deb12u1.dsc
6e688ab77c6e15bc4c9be0003ba3be600193e25c 14232 axis_1.4-28+deb12u1.debian.tar.xz
2db6781aea7c76dfdf2b303054cb476ffb61fc07 11044 axis_1.4-28+deb12u1_amd64.buildinfo
Checksums-Sha256:
8c0404c7deb6b0a3dc09d54594be66daec5734687a5bd4cbc1f0b18e7c43b5a2 2375 axis_1.4-28+deb12u1.dsc
588df7082e0b6ae1750597010075d84666be27a4641c21793da599c90212ff6b 14232 axis_1.4-28+deb12u1.debian.tar.xz
e825dfe825871d360d161e56e19a8e100540f1ba2d2cf4b0bf8a1c63ccb8e42f 11044 axis_1.4-28+deb12u1_amd64.buildinfo
Files:
75f5cf773c59fdb3733a0b94d440a5d6 2375 java optional axis_1.4-28+deb12u1.dsc
558afb92dc173d31884d4793be287c0e 14232 java optional axis_1.4-28+deb12u1.debian.tar.xz
1fc0088c995d6a3f40e6b5269c67e263 11044 java optional axis_1.4-28+deb12u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmUueTVfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkAucP/iBOq2eJM1ZvVRbGMGUbriH6i+jFiPsyM4YI
HFHu2Uzs6xRTEoIdKk1Cfpof94PCqDGhn0+bMjM5RvaN2E3EAgXqWDViMmVpbeQu
mVeiV+Kq6O8owuiTtxvIzUxuVG6iqa5q1ifMd0w2FtClUdMC6pIeHHzda3+nPNJt
sZgEA0iqfy6XywjWrM3hWY1P5ZzT1IjondXF6s8mNv4fvVh5uZfr0B/sRspTfJmj
/ZOvG876q10uKqbOGirMeRCJEMSPbXwKkGHBMIb3X61Vmj7tVDuhIm/a0SVMZRYq
94Xaw8cTAcA//uI2f6Yowvr/IWXxqDlbuWY8eS+FW4ciYo0LdW0hzdYgDfqvhtJM
fVJClE34NOs6BvLccMr55J3jI3+Ny8jQJRXtyI9f1DT/lwIrDW97z5nq2lCS5ca6
vg9NYeZ/B6+zNjaqW+56Dnq62MH0p31y/BkBvzsU/PTNMj/PMIxWZGmgeuh18y/6
rcaofrkH1EHy9Lj5Rqp1Uigb2l92J8uGGSNSMNyPsdYW6tC+P7t1SQiwp7A58Xuq
5gZ/4tex10TH46nU1+TSzfbVI0p+13Oejejnh4u7JJzKXarF2z7qUsgqPTwepnDk
eYcsw0bmBoR7oKROHYLoz4td4P544JGwwiCRbxSLPfQh1mvUH5lEDMlIJMXXRwPc
Gi3qcnEI
=dy+a
-----END PGP SIGNATURE-----