Your message dated Sun, 17 Nov 2013 19:48:29 +0000
with message-id <e1vi8kb-00077w...@franck.debian.org>
and subject line Bug#726601: fixed in libcommons-fileupload-java 1.3-2.1
has caused the Debian Bug report #726601,
regarding libcommons-fileupload-java: CVE-2013-2186
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
726601: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726601
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libcommons-fileupload-java
Severity: grave
Tags: security
Justification: user security hole
Red Hat fixed a security issue in Commons FileUpload:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2186
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: libcommons-fileupload-java
Source-Version: 1.3-2.1
We believe that the bug you reported is fixed in the latest version of
libcommons-fileupload-java, which is due to be installed in the Debian FTP
archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 726...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated
libcommons-fileupload-java package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 15 Nov 2013 15:04:17 +0100
Source: libcommons-fileupload-java
Binary: libcommons-fileupload-java libcommons-fileupload-java-doc
Architecture: source all
Version: 1.3-2.1
Distribution: unstable
Urgency: low
Maintainer: Debian Java Maintainers <pkg-java-maintain...@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Description:
 libcommons-fileupload-java - File upload capability to your servlets and web applications
 libcommons-fileupload-java-doc - Javadoc API documentation for Commons FileUploads
Closes: 726601
Changes:
 libcommons-fileupload-java (1.3-2.1) unstable; urgency=low
 .
   * Non-maintainer upload.
   * Add CVE-2013-2186.patch patch.
     CVE-2013-2186: Arbitrary file upload via deserialization. Properly
     validate repository in
     src/main/java/org/apache/commons/fileupload/disk/DiskFileItem.java.
     Thanks to Marc Deslauriers <marc.deslauri...@ubuntu.com> for
     providing the debdiff. (Closes: #726601)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---