Accepted bcel 6.5.0-1+deb11u1 (source) into proposed-updates
- To: debian-changes@lists.debian.org
- Subject: Accepted bcel 6.5.0-1+deb11u1 (source) into proposed-updates
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Thu, 20 Oct 2022 20:34:20 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: bcel_6.5.0-1+deb11u1_source.changes
- Debian-source: bcel
- Debian-suite: proposed-updates
- Debian-version: 6.5.0-1+deb11u1
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=TILsH/mzCuEoUnZ0FsLYN4rLZQr+D0vp3s/PpXLHG0g=; b=NqHLWoNNEbioor3Fyik+iN0qRO 63d5tL+AIqI7S2ZzLfxU8cYns6OD5rE7u+XWqf0UXI043Wl23ivcW97qgv3tZGNlTvIEPsZVcJlFU pb0MdqTaNmz9TL7QeukvkFAkBD+Q+pnuldf0IyQAHYWW6aOOEgdg9+S1z4ILQXVX0C4K30aRticxT 4LpoGBdA4azu3qZ4OCTIcDTGfw/2YRO59/zJSHznx9UQJRSoKAqqc0HXVPCXW6IkRijLBx8HBG2zK eXkokB2jlQs9YuEbjbkHk5zzsh8JDM+QmA19zeewwCliNxMOWtsz2bH21KVNSNCLHfIMrzPJWyQPT V42rYVsQ==;
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1olcFA-004CXR-MK@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 18 Oct 2022 17:41:54 CEST
Source: bcel
Architecture: source
Version: 6.5.0-1+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
6d552599a48cfeb3c74e92bcdd5cd7c92b665f56 2354 bcel_6.5.0-1+deb11u1.dsc
da213005869e74facf518ba22967b047ef5c00a4 707820 bcel_6.5.0.orig.tar.xz
76ffc1c948f33c11161cf689230bba73679c645d 7344 bcel_6.5.0-1+deb11u1.debian.tar.xz
9d524fd968b22e0ee1819d800fbbcbb109b1f475 14297 bcel_6.5.0-1+deb11u1_amd64.buildinfo
Checksums-Sha256:
59e6c71562b86c219f51c6dd8c22f486ff32b308bfd6f32215f40cb8cf18938f 2354 bcel_6.5.0-1+deb11u1.dsc
14c4489220b11643b9cdbaa8b5d0521f593d296f00aae1025ca7052cd7940422 707820 bcel_6.5.0.orig.tar.xz
a90f374395757b2bd7add4b92c44e49e670bb8d7e275f44268c67e54a7b91aae 7344 bcel_6.5.0-1+deb11u1.debian.tar.xz
9ee9fe13a0b417b7951d192132ef8e1a41e6126d68367218d4ef0409b948833c 14297 bcel_6.5.0-1+deb11u1_amd64.buildinfo
Closes: 1015860
Changes:
bcel (6.5.0-1+deb11u1) bullseye-security; urgency=high
.
* Team upload.
* Fix CVE-2022-34169:
The Apache Xalan Java XSLT library is vulnerable to an integer truncation
issue when processing malicious XSLT stylesheets. This can be used to
corrupt Java class files generated by the internal XSLTC compiler and
execute arbitrary Java bytecode. In Debian the vulnerable code is in the
bcel source package. (Closes: #1015860)
Files:
e1ee34343dbc98f30413a25d9daa60e0 2354 java optional bcel_6.5.0-1+deb11u1.dsc
03ca482ec9fc77fb8ab4a8c742e375fc 707820 java optional bcel_6.5.0.orig.tar.xz
b3709de7be44c3affa414ecc183a8d0d 7344 java optional bcel_6.5.0-1+deb11u1.debian.tar.xz
18f2466690a8b3a4427e6938d4963de7 14297 java optional bcel_6.5.0-1+deb11u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmNOyU9fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkzVgQAMITdP932bH3TO569rSTVD+LIzYjXtADwC7j
dJEvHWODyYXJWxXxGazy3n+i+guPT+gA2YHynygc0JB7hmK/hmtHNXHP+mek2BeB
96Vr96gDnKq8kkshzjsqJzPRz7ZnRfE3aAC+QOzJJEpqlisAItT/eYj8htAYim0j
n78gBhXlDjEh92gfip4sll3IqJoCJpX5+Iqbks16BjUXGzYP0x6GSmYfAkSxtxfk
xP8of9ci5fKyBo7VA4dT3swLRM17BhBXZhMykfKFqQsN8dtsUFz+D2UrpoYgrd5W
Fjnqs3uSieLZSQUWHmveiP35u7B94pi1px2uFA98eaU3GDr73EZfzH+8q7AHLUqR
8nckvf5jZcHmw9tjJ6CdB82tn8IILyjmMJNGUyhRUdfqFR9Qj8mP76XMyZODH3Av
x7+xJ2Dh3l2aFPmZ+xPn5nsoTaSRHwwR33+YpCVXU8+0bBm8aUVy/rbepbG8+ozQ
g8PmYdUDEb0YrBP/sbNtaW5l7cr/mia8jmMYkw8SVkMYvlQi0aqcO6cDSYw4dCgo
APG6URwb8DD5VQajJL6Bih0bkJ+GIn51LC6MIzrfwKVeR8GW9b8DXG6pkVALqWd5
QLOb22/C8l3uEWDVaGxraaNBmzpSgILLHvP1ilwUA396bTEQj+aGviRMjGCSffcY
tdrvH60v
=1K1V
-----END PGP SIGNATURE-----