Accepted bcel 6.2-1+deb10u1 (source) into oldstable
- To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
- Subject: Accepted bcel 6.2-1+deb10u1 (source) into oldstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Tue, 18 Oct 2022 16:40:19 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: bcel_6.2-1+deb10u1_source.changes
- Debian-source: bcel
- Debian-suite: oldstable
- Debian-version: 6.2-1+deb10u1
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.seger; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=NmGmlDbqJisil6yl/LKN1Mqku1B89KbndSE6gI6iZkg=; b=b1OeTxxcfMr6AoW0GJSLJH6eUY 89eG5WjVztGkmIpwW3Njovc1+KiaG9qvsxMGgDfHnAPxKe1F9emMd+3rIOmudffKlzyKUXzaz8Kkp 2o49IgK7Xftp28ScJGhnHIWiclojYG9ykeHDjogrcug5k6nPkU0OnTiVaxCmL0fbjbJdm/i25rnVx E2dGkxQmZlOtsur1/4wRQTZxUFzMOQOv3D2VI511hUeJlf68C/m6TNyBfVMp6R18/+/Z5yxIlqXOe nanL1+jI7SjA+01Ti1LGMdmullU0x2FJn83HOIvbV+x99sJCzHBqRpliZNzf5F5bvQvmflsGI2A3v /MpekmwA==;
- Mail-followup-to: debian-lts@lists.debian.org
- Message-id: <E1okpdb-00Bm9P-Uu@seger.debian.org>
- Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 18 Oct 2022 18:25:14 CEST
Source: bcel
Architecture: source
Version: 6.2-1+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
ff71c94bf67abf7697a4c7ead22fce70fb0d3fef 2349 bcel_6.2-1+deb10u1.dsc
c8d899616a6270b3fcea66a16fd87f65ddd09255 992176 bcel_6.2.orig.tar.gz
1d0eb0e2b5277c4483e2f78995197227f6bc55a0 7212 bcel_6.2-1+deb10u1.debian.tar.xz
aabe0992d4745f4c8a6ed82278f502ac99cc5a7d 13827 bcel_6.2-1+deb10u1_amd64.buildinfo
Checksums-Sha256:
4431d0c041861b9bb446e516625102c5f8ea227e7de730c83c66f83b2077c2ee 2349 bcel_6.2-1+deb10u1.dsc
d71da3d43796409b6547f259d7b2a5e0d83e8c2f6c87eced7e7d29541a368899 992176 bcel_6.2.orig.tar.gz
a211f95adbc6394c77634aa68b017e95b1003f6999d56e41437c7244d3805856 7212 bcel_6.2-1+deb10u1.debian.tar.xz
dbe2a868d31c3fc1ba933fd9580216b8253d3f44101a3b6b14e3da70f33924b0 13827 bcel_6.2-1+deb10u1_amd64.buildinfo
Changes:
bcel (6.2-1+deb10u1) buster-security; urgency=high
.
* Team upload.
* Fix Fix CVE-2022-34169:
The Apache Xalan Java XSLT library is vulnerable to an integer truncation
issue when processing malicious XSLT stylesheets. This can be used to
corrupt Java class files generated by the internal XSLTC compiler and
execute arbitrary Java bytecode. In Debian the vulnerable code is in the
bcel source package.
Files:
d4b9d7cac947486b3e8dd2112e103146 2349 java optional bcel_6.2-1+deb10u1.dsc
896b38caae375a759a110ba92833417d 992176 java optional bcel_6.2.orig.tar.gz
bd0778fc59e4a02b6e64b982ee4f7488 7212 java optional bcel_6.2-1+deb10u1.debian.tar.xz
82fd174b253f67433d000ad5d27ed0f9 13827 java optional bcel_6.2-1+deb10u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmNO06RfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkU0YP+gMIFurN89wXfyc44nM0v1sxoyuqYZn3/gU+
NPNprpGOGjvyY5WuBE26VPZohKkMN+9xstQoKFmXhtGVv5DWTcs3N6FRpWtcsmvr
/TkXQtsGz9dZJWN9/MhPs3wW6pIIiLd+D1Y7qp4Ql9zRkTU0aGb5BJU+7cx7OKnp
LlImFLENcrxMZT3BznPzWUDwsz3QiW/fYd8U8oRbk5rSvINxJxXtW5x4C3oSitEI
BnkyEo/54wV5+06KhRtryM1rtzle9+lG8U/Q3ZO3D8/yHtH5lJA6oM+Mqo/YH/9x
C/qwlFdThn+bSI2jjDSc1XfPzDBDEFiwY69UT0mETMLFXUl4wEdfiTf0W3bR9ZHc
NLr9+ybHad/pgociS8Q4V6OWLpQ8oAv07cJRd66oNnBNPfelVhmxHAac0Qm/TWPE
t4iD+mm9rJI0BFGEg0vHj/YiKxHWM239gnssjtGt2vjD/32yqlX+vnhQ25ynPnu9
/WAvOw79HY+VuTifqc2u9T2Lw3fU/5ud69zLvWFE6GmCt+MaFkLuy8E7q7AKMjNQ
r7/F7ID/30QBszCpoTuFx/QzQpOPYCGRKT8HxVEMcKW3ndAexXeEV7Ib8SwrwvGL
vJ7j1gavRFmChrh80rEHmppZVeaCMJbaEAHbUkkeCB82iAUw0+qmvXUfe4cjq37Z
XZMA0aa9
=2+Oz
-----END PGP SIGNATURE-----