Bug#1112671: marked as done (trixie-pu: package libcommons-lang-java/2.6-10+deb13u1)



Your message dated Sat, 15 Nov 2025 11:21:45 +0000
with message-id <736c7150dc08501cc89945035c406eaf9688e144.camel@adam-barratt.org.uk>
and subject line Closing requests for updates included in 13.2
has caused the Debian Bug report #1112671,
regarding trixie-pu: package libcommons-lang-java/2.6-10+deb13u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1112671: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112671
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: trixie
X-Debbugs-Cc: libcommons-lang-java@packages.debian.org
Control: affects -1 + src:libcommons-lang-java
User: release.debian.org@packages.debian.org
Usertags: pu

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

[ Reason ]

This upload attempts to fix CVE-2025-48924, an uncontrolled recursion
vulnerability that can lead to a StackOverflowError, for users of Debian
Trixie.

[ Impact ]

If the update is not approved, users might be affected by CVE-2025-48924.

[ Tests ]

The patch adds a new test to check if the fix is successful. I also did some
successful manual testing.

[ Risks ]

There is the risk of regression. But the patch is rather small and tested.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]

The patch uses (a backported) rewrite that avoids the recursion.

[ Other info ]

The issue has been fixed in LTS/ELTS as well.


--- End Message ---
--- Begin Message ---
Package: release.debian.org
Version: 13.2

Hi,

The updates referenced in each of these bugs were included in today's
13.2 trixie point release.

Regards,

Adam

--- End Message ---