Accepted libspring-java 3.0.6.RELEASE-17+deb8u1 (source all) into oldoldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 13 Jul 2019 16:23:23 -0400
Source: libspring-java
Binary: libspring-core-java libspring-beans-java libspring-aop-java libspring-context-java libspring-context-support-java libspring-web-java libspring-web-servlet-java libspring-web-portlet-java libspring-test-java libspring-transaction-java libspring-jdbc-java libspring-jms-java libspring-orm-java libspring-expression-java libspring-oxm-java libspring-instrument-java
Architecture: source all
Version: 3.0.6.RELEASE-17+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Roberto C. Sanchez <roberto@debian.org>
Description:
libspring-aop-java - modular Java/J2EE application framework - AOP
libspring-beans-java - modular Java/J2EE application framework - Beans
libspring-context-java - modular Java/J2EE application framework - Context
libspring-context-support-java - modular Java/J2EE application framework - Context Support
libspring-core-java - modular Java/J2EE application framework - Core
libspring-expression-java - modular Java/J2EE application framework - Expression language
libspring-instrument-java - modular Java/J2EE application framework - Instrumentation
libspring-jdbc-java - modular Java/J2EE application framework - JDBC tools
libspring-jms-java - modular Java/J2EE application framework - JMS tools
libspring-orm-java - modular Java/J2EE application framework - ORM tools
libspring-oxm-java - modular Java/J2EE application framework - Object/XML Mapping
libspring-test-java - modular Java/J2EE application framework - Test helpers
libspring-transaction-java - modular Java/J2EE application framework - transaction
libspring-web-java - modular Java/J2EE application framework - Web
libspring-web-portlet-java - modular Java/J2EE application framework - Portlet MVC
libspring-web-servlet-java - modular Java/J2EE application framework - Web Portlet
Closes: 760733 769698 796137 849167
Changes:
libspring-java (3.0.6.RELEASE-17+deb8u1) jessie-security; urgency=high
.
* Non-maintainer upload by the LTS Team.
* Modify build path to include tomcat8-util.jar (now required as of tomcat8
8.0.14-1+deb8u4).
* CVE-2014-3578: Fix directory traversal vulnerability that allows remote
attackers to read arbitrary files via a crafted URL. (Closes: #760733)
* CVE-2014-3625: Fix directory traversal vulnerability that allows remote
attackers to read arbitrary files via unspecified vectors, related to
static resource handling. (Closes: #769698)
* CVE-2015-3192: Fix improper processing of inline DTD declarations when DTD
is not entirely disabled, which allows remote attackers to cause a denial
of service (memory consumption and out-of-memory errors) via a crafted XML
file. (Closes: #796137)
* CVE-2015-5211: Fix Reflected File Download (RFD) attack vulnerability,
which allows a malicious user to craft a URL with a batch script extension
that results in the response being downloaded rather than rendered and also
includes some input reflected in the response.
* CVE-2016-9878: Fix improper path sanitization in ResourceServlet, which
allows directory traversal attacks. (Closes: #849167)
Checksums-Sha1:
8b9712f8697f59e100891332d7f9dd613d9c519d 4571 libspring-java_3.0.6.RELEASE-17+deb8u1.dsc
54681c810cb8d918b54ab430441958a84c6440a9 11192531 libspring-java_3.0.6.RELEASE.orig.tar.gz
2c030b07009361c779a87fb79e154b95f8ec4497 36604 libspring-java_3.0.6.RELEASE-17+deb8u1.debian.tar.xz
17e30ae793a5b9b46c776d85251a708c55113296 365356 libspring-core-java_3.0.6.RELEASE-17+deb8u1_all.deb
c2694f77eb8b83b49c092aebd0cb234e62d02e8f 517658 libspring-beans-java_3.0.6.RELEASE-17+deb8u1_all.deb
1513d2f5a727be0c6319addca415956beea7772b 328068 libspring-aop-java_3.0.6.RELEASE-17+deb8u1_all.deb
ba3754c9f2f63ec8f4b79a50dfc0e9c67a4c2c6e 591244 libspring-context-java_3.0.6.RELEASE-17+deb8u1_all.deb
305e4f9fd4fa76f15a1c52a4a5ec3a6049057db0 114292 libspring-context-support-java_3.0.6.RELEASE-17+deb8u1_all.deb
27cd9fee386c4e4a88c3f046b8a21cd296c4b2af 374696 libspring-web-java_3.0.6.RELEASE-17+deb8u1_all.deb
c238ede36fa353cd4cec319777771ece44b0dbe8 399142 libspring-web-servlet-java_3.0.6.RELEASE-17+deb8u1_all.deb
4631613939220414753eac3547e5bba1cdefcfa9 180610 libspring-web-portlet-java_3.0.6.RELEASE-17+deb8u1_all.deb
c9af5b1643b604ca72c2b68b429af9673e77edb9 204958 libspring-test-java_3.0.6.RELEASE-17+deb8u1_all.deb
97728d027a50adfafa4fcc2d8f817c7fbc1b4616 212336 libspring-transaction-java_3.0.6.RELEASE-17+deb8u1_all.deb
0349b983af56170a083e7ceb667b007b3296fe4c 357550 libspring-jdbc-java_3.0.6.RELEASE-17+deb8u1_all.deb
3d17aa109a5f84e1d80f06a8719554ba98c94628 187038 libspring-jms-java_3.0.6.RELEASE-17+deb8u1_all.deb
39f00e9f07167353458ee99a878abb54c0c6c4af 316000 libspring-orm-java_3.0.6.RELEASE-17+deb8u1_all.deb
17823a2d915dbd8bbb7bc63036f90f4253b0b902 177314 libspring-expression-java_3.0.6.RELEASE-17+deb8u1_all.deb
8216619fd9abc3df02294dda896ffce3e9800406 81988 libspring-oxm-java_3.0.6.RELEASE-17+deb8u1_all.deb
0032114aeaf0cd2265b166098452f611e18170af 31290 libspring-instrument-java_3.0.6.RELEASE-17+deb8u1_all.deb
Checksums-Sha256:
fa38b2e7c435237e52a33b49bcc6bdf7f07599c151b9aba88d7d11a3943a43b8 4571 libspring-java_3.0.6.RELEASE-17+deb8u1.dsc
694c3efc4b4b0730c596b90a14a8e14e1a5d5be065f38a35c3e2e86c50dab04f 11192531 libspring-java_3.0.6.RELEASE.orig.tar.gz
d39293faf74662ebd33a4ec226ce4b34f7ecd2ac3bd8ddddb9ddf22e17b638f9 36604 libspring-java_3.0.6.RELEASE-17+deb8u1.debian.tar.xz
4f09e28978869b9fcb5e8dc61c279d0f774438cd2d90ceb01336902198f17f89 365356 libspring-core-java_3.0.6.RELEASE-17+deb8u1_all.deb
5b76a00943054580feeea4785e7441020245202ffc64cd239355387e2342f7c6 517658 libspring-beans-java_3.0.6.RELEASE-17+deb8u1_all.deb
1e1ace34dd9c97402b181d8ed90438b4b2635e1c539004cf8910448cb523a242 328068 libspring-aop-java_3.0.6.RELEASE-17+deb8u1_all.deb
2dd9e12708ecb39a9e85eed4c6cc4776f225bd45cac93ddcd604023d64372232 591244 libspring-context-java_3.0.6.RELEASE-17+deb8u1_all.deb
d531cfb9afc57a0f71d0a3a4f1da4e7a1ef558fa70e4a01af7829db9a27d2b8b 114292 libspring-context-support-java_3.0.6.RELEASE-17+deb8u1_all.deb
12348b5cb585dacfe709540f227b27cc3f68f564d35f2b923c5f3bd1fabdacab 374696 libspring-web-java_3.0.6.RELEASE-17+deb8u1_all.deb
61f80e42c2fea3e2c701d1535ede1216cdb6c8a3705e0972293c80bcdb388f0b 399142 libspring-web-servlet-java_3.0.6.RELEASE-17+deb8u1_all.deb
290923add9deef4eabe8f1434164013e14c41e103df9079eff50c9bae8e4a6f6 180610 libspring-web-portlet-java_3.0.6.RELEASE-17+deb8u1_all.deb
d8bbca5148636eb3cc615fb322c4af5aa29a42ed21a588dfcca2a0f345ff591c 204958 libspring-test-java_3.0.6.RELEASE-17+deb8u1_all.deb
b41759d5bfaf832ed50fc1a9181f8e01731f05757051be0c26fadd655257441b 212336 libspring-transaction-java_3.0.6.RELEASE-17+deb8u1_all.deb
0c8285aba2c940f749259216f2ff85902a39a3ab10d27b8691d2921396d611fa 357550 libspring-jdbc-java_3.0.6.RELEASE-17+deb8u1_all.deb
83674377a7dec2f24f3013de2667eb5bad8980494a78d99b7051f73f374c6db2 187038 libspring-jms-java_3.0.6.RELEASE-17+deb8u1_all.deb
df6f62e1e8aba426f16169f558db07886ae3a4fe125ca0d3ad526e44ff60398c 316000 libspring-orm-java_3.0.6.RELEASE-17+deb8u1_all.deb
dc067ebccc0232e8141a2ca4261b5bc21b974cbb78d961dca015e8f76815312a 177314 libspring-expression-java_3.0.6.RELEASE-17+deb8u1_all.deb
7eb2364e36229795f1c4fd062f55f01186a1783ab8c603f169c55e112a603ac0 81988 libspring-oxm-java_3.0.6.RELEASE-17+deb8u1_all.deb
da205ded1f5b6371183d87d66c759044bc791b8ed120c8e3c1121dd48a0a215f 31290 libspring-instrument-java_3.0.6.RELEASE-17+deb8u1_all.deb
Files:
a58cd2b60081d943a8616723014e7d7a 4571 java extra libspring-java_3.0.6.RELEASE-17+deb8u1.dsc
94d0061e56d508cb9f935a6602ac5447 11192531 java extra libspring-java_3.0.6.RELEASE.orig.tar.gz
9337ce259558cc9790e758dff7bccf64 36604 java extra libspring-java_3.0.6.RELEASE-17+deb8u1.debian.tar.xz
316732ffbab93791285fc21ad10ab4d0 365356 java extra libspring-core-java_3.0.6.RELEASE-17+deb8u1_all.deb
5166e90dffbb902ef5f320bf017718f7 517658 java extra libspring-beans-java_3.0.6.RELEASE-17+deb8u1_all.deb
20a320faf7712dd83654a0d79fe103da 328068 java extra libspring-aop-java_3.0.6.RELEASE-17+deb8u1_all.deb
707faf1b9c1d01397ebb4c399dcf6ccf 591244 java extra libspring-context-java_3.0.6.RELEASE-17+deb8u1_all.deb
5513b67874d7f00c263340a885e1dda6 114292 java extra libspring-context-support-java_3.0.6.RELEASE-17+deb8u1_all.deb
a8d8484b75b9a2090a859876e6bbaf50 374696 java extra libspring-web-java_3.0.6.RELEASE-17+deb8u1_all.deb
878ac1c07e6f70a2f0b58a663cbdeedc 399142 java extra libspring-web-servlet-java_3.0.6.RELEASE-17+deb8u1_all.deb
9659365a57237ab3a62540e2eed1ec09 180610 java extra libspring-web-portlet-java_3.0.6.RELEASE-17+deb8u1_all.deb
e0cf0dc5def033477f5fa6bc17c96ea4 204958 java extra libspring-test-java_3.0.6.RELEASE-17+deb8u1_all.deb
a84fa8f2cea84a59e1af8810d04c41e0 212336 java extra libspring-transaction-java_3.0.6.RELEASE-17+deb8u1_all.deb
744f5b684eb402591b9052b0a503c26d 357550 java extra libspring-jdbc-java_3.0.6.RELEASE-17+deb8u1_all.deb
208df94fdbb79df25b79155923621757 187038 java extra libspring-jms-java_3.0.6.RELEASE-17+deb8u1_all.deb
1a2696807b86f7e52f4f39e810d9964b 316000 java extra libspring-orm-java_3.0.6.RELEASE-17+deb8u1_all.deb
78ae57f5c2e779c8de7d0fa811ff5aba 177314 java extra libspring-expression-java_3.0.6.RELEASE-17+deb8u1_all.deb
2455bdd847cb3311d3a238a607a6f8b2 81988 java extra libspring-oxm-java_3.0.6.RELEASE-17+deb8u1_all.deb
25d572ef74a8f50554a7ed7c652fb95b 31290 java extra libspring-instrument-java_3.0.6.RELEASE-17+deb8u1_all.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEIYZ1DR4ae5UL01q7ldFmTdL1kUIFAl0qRBkACgkQldFmTdL1
kULPpg/+PFDzq4V/kRVuI42/oYuUMlkkXMvAQU3HGHFwJZOhomTbRuRHWjVBTYtP
5tlo6rCXL96VVXQW/lSFBfNdAgBdSyHVI7pwMEoYZVxezvamthAl5qf6ZiE5MQhR
lW+38muTD8ZHYy6LswhgpI6WxTC2ljBsozcadP35ICNCFHSL1EOurihXo1t8Tr6P
G7kOh2Rmv90Z9nbIpTm/u72amOfTezYqNk0ZexSvzTkBW7rarwiYeh84E7Z8Lfnx
nBTo4CZB6xm9aIvjJLHYgelK1sM5H7Mj0voqtvNcsOK/JoxmI/RKM94sM7fa1VZ3
28VsEXtXLi3QfPoNyfCuj+UtWQD5VhPF9QxmakWHlx+Ao9rGfueghXKBFpNclADm
7UZR/Nx2OpSeyCIJMnbnkU8Ft25vqzZoLhBQV9i5mwHdvGDKGpw0fH+wkKfVlwOu
i06wzpGhoMIlDTPpcmhN/z0T6itKHNDnVfilLxMvQTZ0fig/aBg6zmq7cXPc8ws1
p0kv+SsmjMrG2xBvDsgOPseSrpN53R9kRPtUSLPRMkdJtX1XavVIn2DWzCIwqMKV
joHpRF+B/d+TIZjEbcFsRrwhLczoaDHrCJGBxHWjJf1al0pLuDVrR7q2wmC0TgPO
CtFOESjgpa3/dTHbwhZzJqak8PO3wE9XFwQHStGaQXZjBbOIB0c=
=or7I
-----END PGP SIGNATURE-----
Reply to: