Format: 1.8
Date: Mon, 21 Jul 2025 22:57:44 CEST
Source: libcommons-fileupload-java
Architecture: source
Version: 1.4-1+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Changes:
 libcommons-fileupload-java (1.4-1+deb11u1) bullseye-security; urgency=high
 .
   * Team upload.
   * Fix CVE-2023-24998:
     Apache Commons FileUpload does not limit the number of request parts to be
     processed resulting in the possibility of an attacker triggering a DoS with
     a malicious upload or series of uploads. Note that, like all of the file
     upload limits, the new configuration option
     (FileUploadBase#setFileCountMax) is not enabled by default and must be
     explicitly configured.
   * Fix CVE-2025-48976:
     Allocation of resources for multipart headers with insufficient limits
     enabled a DoS vulnerability in Apache Commons FileUpload.
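Because the changelog notes that `FileUploadBase#setFileCountMax` is off by default, the following added example (not part of the upload or of the Commons FileUpload project) shows one way an application could opt in after installing the fixed package. The servlet class name and the limit values are assumptions, as is the presence of `FileCountLimitExceededException` in the backported patch, which mirrors the upstream 1.5 API.

```java
import java.io.IOException;
import java.util.List;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.fileupload.FileCountLimitExceededException;
import org.apache.commons.fileupload.FileItem;
import org.apache.commons.fileupload.FileUploadBase;
import org.apache.commons.fileupload.FileUploadException;
import org.apache.commons.fileupload.disk.DiskFileItemFactory;
import org.apache.commons.fileupload.servlet.ServletFileUpload;

// Hypothetical servlet; limits below are illustrative and must be tuned per application.
public class BoundedUploadServlet extends HttpServlet {
    private static final long MAX_PARTS = 20;                  // parts (files + form fields) per request
    private static final long MAX_FILE_BYTES = 5L * 1024 * 1024;   // per uploaded file
    private static final long MAX_REQUEST_BYTES = 25L * 1024 * 1024; // whole multipart body

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        if (!ServletFileUpload.isMultipartContent(req)) {
            resp.sendError(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE);
            return;
        }
        ServletFileUpload upload = new ServletFileUpload(new DiskFileItemFactory());
        // None of these limits is active unless set explicitly (library default is -1, unlimited).
        upload.setFileCountMax(MAX_PARTS);       // the option added for CVE-2023-24998
        upload.setFileSizeMax(MAX_FILE_BYTES);
        upload.setSizeMax(MAX_REQUEST_BYTES);
        try {
            List<FileItem> items = upload.parseRequest(req);
            for (FileItem item : items) {
                // Application-specific handling goes here; release temp storage afterwards.
                item.delete();
            }
            resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
        } catch (FileCountLimitExceededException e) {
            // Too many parts: reject without processing the remainder of the body.
            resp.sendError(HttpServletResponse.SC_REQUEST_ENTITY_TOO_LARGE,
                    "Too many parts (limit " + e.getLimit() + ")");
        } catch (FileUploadBase.SizeLimitExceededException
                 | FileUploadBase.FileSizeLimitExceededException e) {
            resp.sendError(HttpServletResponse.SC_REQUEST_ENTITY_TOO_LARGE, "Upload too large");
        } catch (FileUploadException e) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Malformed multipart request");
        }
    }
}
```

Applications that receive uploads through a framework wrapper rather than calling `ServletFileUpload` directly need to check whether that wrapper exposes or sets the part-count limit.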