[ubuntu/trusty-proposed] libcommons-fileupload-java 1.3-2ubuntu1 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Wed Nov 13 15:14:14 UTC 2013
libcommons-fileupload-java (1.3-2ubuntu1) trusty; urgency=low
* SECURITY UPDATE: arbitrary file overwrite via poison null byte
- debian/patches/CVE-2013-2186.patch: properly validate repository in
src/main/java/org/apache/commons/fileupload/disk/DiskFileItem.java.
- CVE-2013-2186
Date: Thu, 07 Nov 2013 09:32:30 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/trusty/+source/libcommons-fileupload-java/1.3-2ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 07 Nov 2013 09:32:30 -0500
Source: libcommons-fileupload-java
Binary: libcommons-fileupload-java libcommons-fileupload-java-doc
Architecture: source
Version: 1.3-2ubuntu1
Distribution: trusty
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
libcommons-fileupload-java - File upload capability to your servlets and web applications
libcommons-fileupload-java-doc - Javadoc API documentation for Commons FileUploads
Changes:
libcommons-fileupload-java (1.3-2ubuntu1) trusty; urgency=low
.
* SECURITY UPDATE: arbitrary file overwrite via poison null byte
- debian/patches/CVE-2013-2186.patch: properly validate repository in
src/main/java/org/apache/commons/fileupload/disk/DiskFileItem.java.
- CVE-2013-2186
Checksums-Sha1:
59d9a726be7f86dd2f699cad1d81d6af4de9136d 2507 libcommons-fileupload-java_1.3-2ubuntu1.dsc
bba5572936b162032259ef1f36674e302dc2d1b5 9392 libcommons-fileupload-java_1.3-2ubuntu1.debian.tar.gz
Checksums-Sha256:
cee27dac9fe36a041a924ddcc1c48a7e49080333c1fd1135224611f9b547d48d 2507 libcommons-fileupload-java_1.3-2ubuntu1.dsc
effa8d7c54569ab8e135540580e3922f878f904f7a1f76a43c810ced87cff175 9392 libcommons-fileupload-java_1.3-2ubuntu1.debian.tar.gz
Files:
5c9fc7358c67a3c834d0ec500e326dae 2507 java optional libcommons-fileupload-java_1.3-2ubuntu1.dsc
243e84f7fc29e7e9c39c73c020141f05 9392 java optional libcommons-fileupload-java_1.3-2ubuntu1.debian.tar.gz
Original-Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
iQIcBAEBCgAGBQJSfQ5wAAoJEGVp2FWnRL6T7tgP/jdTgUUvt0iD8vxFzNnbTfTO
K5t/g9oLQjBYYyrrgqVkSkbZ7EuCRIBbEDIsL8YZycnyKkMet54wlrh18jBdqtsj
oaYFRVGdr4raWBMgrcplWxs0EuGc+7jU6OrCaOUJfgOI9nh4girp9AYK4BNLVY/A
gtLB7EqE9IwmPOM8IscVAdmZqur0rjtWZhxQQaEHDqz6LcEgu0RXgmmjA7Atqspq
lJtX1O/G8u5FjzXeoInIDdDER/ernwAi5RQ7NEqGTkoy1bILXshEROO8mLTBPLHK
BhwR9XVWGIeBGnwFj31z5lwQy0/iqHna3oLMWfpVjgKooC7/nzMtyDGd492nueG5
WO+wwz8wyZQBy2mIKfNfiZ6zbLmhRCKn46GI8qg5fPzp0ZftGR2CNV1ClzWbCzP4
E5XriUVdxidCswbRGmNRAvJhQRjFRhk6xehmzoedGbplYafRLhi/53PtkEr9ReMH
LZKk5Ytpy5IF7s4keiezxU4fvGNgioPB3bT2rXN6EfjZ0xDHDfEqBVpe4t7ndqvN
GPdSTNuWw1pt+ZNk1Bv9n+tkFPAEODNmpVz4aGqJTJ+UwWYT1ABfwbNlIkUXuLI7
tjm8tViqD6PMQCWam9iWndB54F2lhzFp89oHFk8HxORiQMcYv7wbUH78MWzrZL6O
C0F1XdMcafKWWATlxJQ0
=tYXH
-----END PGP SIGNATURE-----
More information about the Trusty-changes
mailing list