Accepted commons-io 2.6-2+deb10u1 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 20 Aug 2021 22:25:28 +0200
Source: commons-io
Architecture: source
Version: 2.6-2+deb10u1
Distribution: buster
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Changes:
 commons-io (2.6-2+deb10u1) buster; urgency=medium
 .
   * Team upload.
   * Fix CVE-2021-29425:
     When invoking the method FileNameUtils.normalize with an improper input
     string, like "//../foo", or "\\..\foo", the result would be the same
     value, thus possibly providing access to files in the parent directory,
     but not further above (thus "limited" path traversal), if the calling code
     would use the result to construct a path value.
Checksums-Sha1:
a7ae12e34f41cdda234322c3f1a9ad8f7917d313 2390 commons-io_2.6-2+deb10u1.dsc
72237d9a3034e525c8d662ac3185b03dccb38d2c 6948 commons-io_2.6-2+deb10u1.debian.tar.xz
37107db6594e2e002fd8103cb4127427e48beee4 13581 commons-io_2.6-2+deb10u1_amd64.buildinfo
Checksums-Sha256:
135df4e0e1d60a717ae1e8beecd2124344391c4c533ec18774f74bff2517e38c 2390 commons-io_2.6-2+deb10u1.dsc
dc37f6ca996dcf634fb37178a0297d9217052f2361db61a5b71e0ebe231eeca3 6948 commons-io_2.6-2+deb10u1.debian.tar.xz
3fd71ddb435f8730b54e4ae022d0b658d962a30be4020bdfdc9807cfb4856f23 13581 commons-io_2.6-2+deb10u1_amd64.buildinfo
Files:
82233c2099e764bfec56c567c31d52dd 2390 java optional commons-io_2.6-2+deb10u1.dsc
57d09beccdb8f50cc08c19aecd902e5a 6948 java optional commons-io_2.6-2+deb10u1.debian.tar.xz
2c37351b58f8a9c4a9d40806fb909f9e 13581 java optional commons-io_2.6-2+deb10u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
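
The changelog entry above notes that the flaw only matters "if the calling code would use the result to construct a path value". The following is an added example, not code from this upload or from Apache Commons IO, of a caller-side containment check that does not depend on the normalization result alone; the class name `ContainedPath`, the method `resolveInside` and the base directory `/srv/app/uploads` are assumptions made for illustration.

```java
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Optional;

// Added illustration: class, method and directory names are hypothetical.
public class ContainedPath {

    /** Returns the resolved path only if it stays strictly inside baseDir. */
    static Optional<Path> resolveInside(Path baseDir, String untrusted) {
        Path base = baseDir.toAbsolutePath().normalize();
        try {
            // Treat both separators alike so "\\..\foo" is handled the same
            // way as "//../foo" regardless of the host platform.
            String unified = untrusted.replace('\\', '/');
            // resolve() returns the argument itself when it is absolute,
            // so a leading "//" cannot silently re-root the result unnoticed.
            Path candidate = base.resolve(unified).normalize();
            // Path.startsWith compares whole name elements, not string
            // prefixes, so "/srv/app/uploads2" does not match the base.
            if (candidate.startsWith(base) && !candidate.equals(base)) {
                return Optional.of(candidate);
            }
            return Optional.empty();
        } catch (InvalidPathException e) {
            // Unparseable input (for example an embedded NUL) is rejected.
            return Optional.empty();
        }
    }

    public static void main(String[] args) {
        Path base = Paths.get("/srv/app/uploads"); // constructed sample directory
        // Constructed inputs; the first two are the strings quoted in the changelog.
        String[] samples = {
            "//../foo", "\\\\..\\foo", "../foo", "reports/../q3.txt", "q3.txt"
        };
        for (String s : samples) {
            String result = resolveInside(base, s)
                    .map(Path::toString)
                    .orElse("REJECTED");
            System.out.println(s + " -> " + result);
        }
    }
}
```

The check is lexical only; where symbolic links may exist inside the base directory, compare `toRealPath()` results for paths that already exist.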