Accepted libcommons-net-java 3.6-1+deb11u1 (source) into proposed-updates
- To: debian-changes@lists.debian.org
- Subject: Accepted libcommons-net-java 3.6-1+deb11u1 (source) into proposed-updates
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Wed, 04 Jan 2023 10:17:22 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: libcommons-net-java_3.6-1+deb11u1_source.changes
- Debian-source: libcommons-net-java
- Debian-suite: proposed-updates
- Debian-version: 3.6-1+deb11u1
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=i0awdJc+kUpelOoC2/LIi7+3+neVwpgMIfAoqZqH3Jk=; b=e6od/ktV9kylNyL5rzvYQUz+/3 4UtwmFPbPp+xyj/65vnIxKm+C7j1iqFbANksuychJdJT/OCKUsZ6tUgO6upPrZ4RYMD/ohv8ZxMIg RA9+7bDrfU2K/mO+Z7Ezwfq4Oy0yCuJM6ysehbtpnEJ5y9PQllsk8Upx424Z90fuaYk6MyrYAbf6q gapWyQAfEYkBGe1VfuviG2+Bh5Pn8AcWMGiwSe/gFUgXg5/G+HXzlQbxbHL4QY94sTfsV7QiujsWV qD5VPbmXS8TFI5WIggwVD+rPlzLrlZ0WfA0xjHokg0wMXF+7PKX0+rSa8R1Nv/TsfUaLXZbjAVbJU HnNg80Hg==;
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1pD0pm-001wNb-LH@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 29 Dec 2022 21:37:41 CET
Source: libcommons-net-java
Architecture: source
Version: 3.6-1+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
0e4c9c020e383167ae541efdab59807ff95d067a 2581 libcommons-net-java_3.6-1+deb11u1.dsc
9b066020b18f28f8d19c698690ac583ddd47c97e 7068 libcommons-net-java_3.6-1+deb11u1.debian.tar.xz
763e0af5854e58b70011acaba89ada2459f77d7a 14481 libcommons-net-java_3.6-1+deb11u1_amd64.buildinfo
Checksums-Sha256:
50b200893ccc0eb72df9c06493a3cce8aee8fbcef05d8abd2e9a49f10fc7ad1c 2581 libcommons-net-java_3.6-1+deb11u1.dsc
b34a957475c4d76b7585a0181e1141a9f807609f990a095674e5788ea28064ad 7068 libcommons-net-java_3.6-1+deb11u1.debian.tar.xz
a62537fc2b6d8ca133dd3e3fd59e47af75bc406e4ecd74f83bcdfd1962667bb8 14481 libcommons-net-java_3.6-1+deb11u1_amd64.buildinfo
Closes: 1025910
Changes:
libcommons-net-java (3.6-1+deb11u1) bullseye-security; urgency=high
.
* Non-maintainer upload by the LTS team.
* Fix CVE-2021-37533:
ZeddYu Lu discovered that the FTP client of Apache Commons Net, a Java
client API for basic Internet protocols, trusts the host from PASV response
by default. A malicious server can redirect the Commons Net code to use a
different host, but the user has to connect to the malicious server in the
first place. This may lead to leakage of information about services running
on the private network of the client. (Closes: #1025910)
Files:
d7f58811f0534c249991b366b2bbca4e 2581 java optional libcommons-net-java_3.6-1+deb11u1.dsc
ab5bfeb84fc1c36bc2d44b82d1403d70 7068 java optional libcommons-net-java_3.6-1+deb11u1.debian.tar.xz
d0fd06a427f7c18bca9e2d92dceace4b 14481 java optional libcommons-net-java_3.6-1+deb11u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmOt+ppfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkLwYP/Rbqr97ZvrDy+Cm79yEX9ysWwVpxBRCrVuNP
Dt0WL+WveBJIwDjqNYH/JXj1xoyvsPjD8m7cv3zh53PPXcWBHDTEDNtVcnMdsbTv
NKbQDECLaxudln6K/w1rYxLvC4kWy6UdvY/w/F76ys3UBk2w0cqWv55oQCNqlYgM
ggdy6f73hHn5VD1ZU6ongg7TZBEbhoh5il9N7soK0ZZzssA9v+8aGXJ8lIkimXs5
fa5DCz1BZ33z81ETNOa5ckYf/iyxl9wFxDzblxXOKDp5iTSLMWDsbSdMTKz3MPVE
xCl00P3K4W72Dp6hG6Nm3s9A3FBOp05iq/0l36FSKmuCErXsx4CVLbUfUbtwsxwW
5z6qTU5WmV86DoZvIVOJi3GL4ydZT6Oz1YhKVdMpH7dF0t40KG3kmaUpPg5mU993
6xR7kyiqkJ+pf/dQzoE0qWbpITdkMdu5Sp+jU6wJdRK+4cWBTXPrmTel+yFWlNWw
h8uLcjB6QSUhAk8VmGW7zqM6gz6qGSAIvJNudt6j8QfGDRixtBkr+JA+eV0D6fgo
wr/Inz5XLk+NdeB9YRfKlYIVqwlwhMS7umahXFUn7B7GY0l6zUDKKMfL5omVM3QL
zQA/xMln5ew8deoOW/O8G0srT42Uj2Q0x2A1FhYmLCTroX5R90H6QDbFSP/4TNr8
8kSXgGw2
=yNYK
-----END PGP SIGNATURE-----