Accepted dom4j 1.6.1+dfsg.3-2+deb8u1 (source all) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 24 Sep 2018 15:03:22 +0200
Source: dom4j
Binary: libdom4j-java libdom4j-java-doc
Architecture: source all
Version: 1.6.1+dfsg.3-2+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
libdom4j-java - flexible XML framework for Java
libdom4j-java-doc - documentation for libdom4j-java
Changes:
dom4j (1.6.1+dfsg.3-2+deb8u1) jessie-security; urgency=high
.
* Team upload.
* Fix CVE-2018-1000632:
  Mario Areias discovered that dom4j, an XML framework for Java, was
  vulnerable to an XML injection attack. An attacker able to specify
  attributes or elements in the XML document might be able to modify the
  whole XML document.
* Compile with source/target 1.5 to fix a compilation issue with
  String.format.
* Add testng to Build-Depends. Build and test AllowedCharsTest to verify that
  CVE-2018-1000632 is correctly addressed.
Files:
dom4j_1.6.1+dfsg.3-2+deb8u1.dsc
dom4j_1.6.1+dfsg.3.orig.tar.gz
dom4j_1.6.1+dfsg.3-2+deb8u1.debian.tar.xz
libdom4j-java_1.6.1+dfsg.3-2+deb8u1_all.deb
libdom4j-java-doc_1.6.1+dfsg.3-2+deb8u1_all.deb
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----