Accepted libcommons-net-java 3.6-1+deb10u1 (source) into oldstable
- To: debian-lts-changes@lists.debian.org, dispatch@tracker.debian.org
- Subject: Accepted libcommons-net-java 3.6-1+deb10u1 (source) into oldstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Thu, 29 Dec 2022 20:10:23 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: libcommons-net-java_3.6-1+deb10u1_source.changes
- Debian-source: libcommons-net-java
- Debian-suite: oldstable
- Debian-version: 3.6-1+deb10u1
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.seger; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=gPqVB8ySTunN3zYokqRF6tNrcAva/EICNiDx0wAq9IE=; b=Au9SvsDVSitQrQRCZvMM9+qtS4 d2oZHLZA58PyNEX4BIbi9YcDLzm3i9sGF0fMwpZmiwXhBUEfSAf5mxjWh6ANdxzlNbjNqA1FOwVHu Y6QKkSxOnuYe0Ky0tFK0kxWhSXPzSB1DYJ4Dh2g+KlwQWC7anJzzmb/K1N6ITykcM3gytyZOvwWdy DHu74+PwmaDlXB0r6ESMMt5VP2yZ/aw5nRfNchvMU5ddnJ42TsK/P6lzn5ri0fhzYDbRxdwF5AigF ifq24jH1WlAxhMfq36en3LiWhZkDmzGV9rPvEcKB9BUdy8FgVeIQuufr+03pGA4yMYHltA+lJNpyM Gsmf2Wcw==;
- Mail-followup-to: debian-lts@lists.debian.org
- Message-id: <E1pAzEN-001yaf-3B@seger.debian.org>
- Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 29 Dec 2022 20:56:24 CET
Source: libcommons-net-java
Architecture: source
Version: 3.6-1+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
baecf0138554d689f878ea9d7a5746b586d164ba 2581 libcommons-net-java_3.6-1+deb10u1.dsc
81906c6f5984c08db58f2f248010adebb1ae47d3 307800 libcommons-net-java_3.6.orig.tar.xz
1fced8492aea77288e0f36deaaac1ff0241b6c37 7060 libcommons-net-java_3.6-1+deb10u1.debian.tar.xz
d1aa74dffd3dd9a62e0a5d8ff74fdfcbe4f05479 14107 libcommons-net-java_3.6-1+deb10u1_amd64.buildinfo
Checksums-Sha256:
c1913090307119658309138b6a91df458dc7c6b371207c753a517448ce365d3d 2581 libcommons-net-java_3.6-1+deb10u1.dsc
7eee0e4ac4905c84b5c585a6785cdf9c87b89502f608059b2e766c92f60c4811 307800 libcommons-net-java_3.6.orig.tar.xz
11bd1d473abbf4ce55143f7a07e5cffad5507eb6038babfc6e2dabb212c1c15d 7060 libcommons-net-java_3.6-1+deb10u1.debian.tar.xz
20b1ee7a28edda15117b9940dc80cddc6db5d2aba5e27c4856ae847acabb8063 14107 libcommons-net-java_3.6-1+deb10u1_amd64.buildinfo
Closes: 1025910
Changes:
libcommons-net-java (3.6-1+deb10u1) buster-security; urgency=high
.
* Non-maintainer upload by the LTS team.
* Fix CVE-2021-37533:
ZeddYu Lu discovered that the FTP client of Apache Commons Net, a Java
client API for basic Internet protocols, trusts the host from PASV response
by default. A malicious server can redirect the Commons Net code to use a
different host, but the user has to connect to the malicious server in the
first place. This may lead to leakage of information about services running
on the private network of the client. (Closes: #1025910)
Files:
b5b0f808fff1ac0e2b111869c4fab25f 2581 java optional libcommons-net-java_3.6-1+deb10u1.dsc
c7b1c720fc0dd36a7bcd85ace116dc76 307800 java optional libcommons-net-java_3.6.orig.tar.xz
bc8e57f083e8a2a4b10f2db93ed8b8ef 7060 java optional libcommons-net-java_3.6-1+deb10u1.debian.tar.xz
c5ec28fd901e043542766ab99584dfb8 14107 java optional libcommons-net-java_3.6-1+deb10u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmOt8PNfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1Hk+A4QAME/cN8Zpw3iojwMqqLufDqwF3lLCLhCZIPL
8M80hliHnFnU1nUF+f2F8y3FhwJNESx+tuiJNJPb8TOMWnlFdL6LN74C9xlXb6qr
x4gX24DxW4J8+0JemsBPUEHoWFPcPP6gbxwqpGHA38dtrjGlYuiM1G612qOl4Ve+
T9kTeol27EUnKk6rTl7/UUklWhnXtPVFzljL6hcsmcIONaIt28cNFjHJpofcfRbj
Zb5pw08qVLgTs5/Cr+3AcVZfjGIURQfm2oleQFGqroJ/n0I1AYhkSk6SVQIp3KIT
Dd2jVBhyDlagYt3+mQn+35fUaCoee/n6cH5bN2/nvIBErEzY4btZPo08/1+h0nOG
YwxbnUhOlsl4q+VGKpiS51BrOwWL0lrlGwarjvZuXbumGY4ChcLUXf5QpiGMYo+l
s3N6Pb33lngBVt+6vMvVNRWuD9fjZMX8/6tds9OX3mmudOhPodT9L0npO1OfcZUk
5TuBYYXNFS1mG5aRtwI3Az6cswYz44arQL/9IYlLxzG/Z1bMua/vNI+YRBeLmczP
GztUPlVNafiOyFt9QgVleD2pRZC/fWF7l5y2hgMJ/QbQHtvvMKVwVWcnTIfqK3L8
oWpFymFIeOucaeB6f1pJxWGvWuIi+FFS3p1wygL8xzJvuA9Ps5kfJ217S+F1nkqX
M6qB41DO
=A/P6
-----END PGP SIGNATURE-----