Accepted libcommons-net-java 3.9.0-1 (source) into unstable
- To: debian-devel-changes@lists.debian.org
- Subject: Accepted libcommons-net-java 3.9.0-1 (source) into unstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Tue, 27 Dec 2022 16:51:15 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: libcommons-net-java_3.9.0-1_source.changes
- Debian-source: libcommons-net-java
- Debian-suite: unstable
- Debian-version: 3.9.0-1
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=lvjUWsFDEnyvQjY4adTqIej5+0hWqWzFursYk9IZp2o=; b=aT6q6CCmTa1zsPE2gHOATNRjWa MlmWCyDRUCI4sQ1sNhE9ZQHWGz/L0XahHEM0c+tbOjItg1SohqLSC0EZqauC1HdQH4l/FZ/TVy2Vs 6nDKoE+gG3EwOpSVwOgeGO2FXE2WTW/flRPTf216BJTMz4y6aWRfzobzXqTrxg9suJXDdU2qJPfPp OJd3vc4qD39vRxn24JYdCInteEi3n2Ie8jjYVEV7rC5ehCGLYUW3UEU6qOjn3lJzCSgXofSluPmKW mzLXYH/yCSlR2TiqXAmORWuNRAQr8ED50n2c5ihSqqEaNNixeHUVQcAUECNzmFAFihN+qlXXUr/Rp 8Zvd+GFg==;
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1pADAZ-00BAdj-AY@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 27 Dec 2022 16:24:48 +0100
Source: libcommons-net-java
Architecture: source
Version: 3.9.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Closes: 1025910
Changes:
libcommons-net-java (3.9.0-1) unstable; urgency=medium
.
* Team upload.
* New upstream version 3.9.0. (Closes: #1025910)
Fix CVE-2021-37533: Prior to Apache Commons Net 3.9.0, Net's FTP client
trusts the host from PASV response by default. A malicious server can
redirect the Commons Net code to use a different host, but the user has to
connect to the malicious server in the first place. This may lead to
leakage of information about services running on the private network of the
client. The default in version 3.9.0 is now false to ignore such hosts, as
cURL does.
* Declare compliance with Debian Policy 4.6.2.
* debian:/control:
- Switch to debhelper-compat = 13.
- Use canonical VCS URI.
- Update homepage URL.
- Remove obsolete Breaks and Replaces.
* Remove get-orig-source target.
* Update debian/watch and track github releases.
* Drop orig-tar.sh script.
* Drop libcommons-net-java-doc binary package.
Checksums-Sha1:
6b36b462c02e88b989b735321919b8b33ede07cb 2477 libcommons-net-java_3.9.0-1.dsc
681738287543e0f6529b746147dd384fe84808ae 443682 libcommons-net-java_3.9.0.orig.tar.gz
1d1f70243c30277fd3ea8af236c9c47551be7363 4480 libcommons-net-java_3.9.0-1.debian.tar.xz
8d3bdf391bc6d4f51bfce5f946ff0b88ef3fd267 15169 libcommons-net-java_3.9.0-1_amd64.buildinfo
Checksums-Sha256:
e706bb0d9ae9ff20a3bac504ffd936a4837889ac540f2b971b2eece9f5ec2ce8 2477 libcommons-net-java_3.9.0-1.dsc
f7da45f48c59df27468c6c1d396ba3406359bfb42e8b6ec9a07acee1d11892f2 443682 libcommons-net-java_3.9.0.orig.tar.gz
f686473f1afa82dcf4535eb4f52cc9b0169230a8d0c5da235a82d4241da2cbb5 4480 libcommons-net-java_3.9.0-1.debian.tar.xz
00f316cc142ca15ef2b2092e9c8f7bce1161cd0dd38fe47c61bfd4e61f3ec706 15169 libcommons-net-java_3.9.0-1_amd64.buildinfo
Files:
39a3bea27e5808227e0621635affbe58 2477 java optional libcommons-net-java_3.9.0-1.dsc
7230c8c32fdc5a52915aa5813e69e1a1 443682 java optional libcommons-net-java_3.9.0.orig.tar.gz
940d8fcf2e2c46b44a116c1297ce50f2 4480 java optional libcommons-net-java_3.9.0-1.debian.tar.xz
d20a4fc4883847d85aafdb3834506a03 15169 java optional libcommons-net-java_3.9.0-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmOrGY5fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkGcMQAMo1w5PZCCFcRpoZKjdivRXgN5JHWh76gy01
CEI92st8Z5ANuW2Kyio8DR0nGQ1xJpjE+Pb4dp/AhgOHYWSBf9OmUv+dLFm9ESzf
JqV1hdney+uwrQXX8DE5zjCiQ9tV7EP77QcGgilbGwQ/IBlU7pKVVb4t38KPSWER
WscO5DVcHdFjpOsp9GSyNumF82opw1ueJqC0sn96bHFLIrBjP6sgxM/9s+KVe6kb
i55X1MnVYGi/FdihqUPIhpBos2WEnuLbT4nzR9mKqZIxRVZYSVB/aHfgjbw5zmSD
AcONox0+CYfSWlr3dZxAP2rUMuMyyNnvH3IODAApzlRL3fUg9zWKh9sNh+DVTWHP
I0dC34Cnj1S/u2wb+JhiD5enYtzfwIbTLG9cgY+OkHikAk4/b0Q/OBWvslnsOpfZ
5XbPI7eiPcVwKtL1cq5Be7x6TwN3JDjLzvxpDXqIJeNd6pOq502JMn8SAehr+XIC
1qsSwPD7s0dgjKdCbdv9KMG0ezTvqw22sYQ2XydbmI9jmMoQxn3xeKY33IFaCOhW
ySlrCZIpG5n+7zhM6UY5yXqufy5nm2+RgEI5ZbqL9MDsNCufIUbU+SN77Mk0E/8F
Ss3M6SunB4ffqwd7VWAhMYLSWFEHDCqgAuDDoRso9oeMcIXF7BGZYb6gooIRzhjH
BCi/bqDP
=12aj
-----END PGP SIGNATURE-----