Accepted xmlgraphics-commons 2.3-1+deb10u1 (source) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 04 Aug 2021 13:31:34 +0200
Source: xmlgraphics-commons
Architecture: source
Version: 2.3-1+deb10u1
Distribution: buster
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Closes: 984949
Changes:
xmlgraphics-commons (2.3-1+deb10u1) buster; urgency=medium
.
* Team upload.
* Fix CVE-2020-11988:
Apache XmlGraphics Commons is vulnerable to server-side request forgery,
caused by improper input validation by the XMPParser. By using a
specially-crafted argument, an attacker could exploit this vulnerability to
cause the underlying server to make arbitrary GET requests.
(Closes: #984949)
Checksums-Sha1:
3a9c6462b81f092d7a576ebce93e8641b7869952 2538 xmlgraphics-commons_2.3-1+deb10u1.dsc
450b1305d489ccd3a818e799d49dd202be27e04a 8356 xmlgraphics-commons_2.3-1+deb10u1.debian.tar.xz
d6b9778bdece75e0e9042dd239ea99a1116815a2 14091 xmlgraphics-commons_2.3-1+deb10u1_amd64.buildinfo
Checksums-Sha256:
822914cc6da4cfb5d1916086ab6ce477390ad3d9edc0d88c0304c9e75d9da862 2538 xmlgraphics-commons_2.3-1+deb10u1.dsc
80baa84cc954da85a56fc4865c82e08799c7da5e7ba131c752ab8ea9f1ed7839 8356 xmlgraphics-commons_2.3-1+deb10u1.debian.tar.xz
b521799b4450289b75e42b16e7ba2e75eaf2cd2bdc43ed0f7491f8e0797ac85e 14091 xmlgraphics-commons_2.3-1+deb10u1_amd64.buildinfo
Files:
cf3c1fb9847c2559750d44333d600925 2538 java optional xmlgraphics-commons_2.3-1+deb10u1.dsc
830970944a7d10743b29e50f8e7f4e78 8356 java optional xmlgraphics-commons_2.3-1+deb10u1.debian.tar.xz
61dd71fd38fbdc0d99fd83b3f390b969 14091 java optional xmlgraphics-commons_2.3-1+deb10u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmEKfAZfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkbMoP/03ByJhL8SD1MTY0OmtWOrKht6RsLCqEdTYY
nTtsSwr+75nKT49/tEd/JMEtvw5toKeNky3C654GRnULJY1/lJSxN4phsJE/H3s1
du60Hgh+/Ocrk83/DrtPb4YSv3lV9DFW0wxqTux29vUBQu/pCxO5a3GZUSsyuJLu
GvtuMLpyT6p2ynRwhou/d8xVfBvg0AVrd6NY89nBP1+dnEGbqYUgEvEssOcJT7vG
t6jXZZxShDwboHATmxSGYHN2SGMNtP75DDDMI40k6ETtRJldyoRMnoGzC+foSLxw
kX173iRdrg5TaS/KXCMRYlxYH9ld6hiY2iF9/Q14LoBkSSOCEO96JOBrT0Hu7EWh
gqqdXI6vcGyQtLV87gtFL/lsbiuIB4D0MwLkksPumbPBhpIM9quPlXZB9BBZmhtg
EhUdlmkgg9iz5qYY8twcCggMr+KcO2nBo8NiYLt6xhLEs1wbhUpgrw18btr54Mo3
K4fzBSEKxzfpdwesIkrI+oHnAGTekYBF3CaNijxRJOgy43Adm6cblE9fB+4PEyX8
JCge6gxTOwp7Dcq5H7w/iau2bb/JIsu9YS6iVzRjE09H6w5fT7XQdWFvFAwYIVdu
64i2jDwumaLQYKOG56NpGZfaM3+Ri4O2K8PLPMdqKn2WwShOjjkLrZGsLI52K0g7
PSUl1ORd
=oFbL
-----END PGP SIGNATURE-----