
Bug#1113711: marked as done (trixie-pu: package libcommons-lang3-java/3.17.0-1+deb13u1)



Your message dated Sat, 15 Nov 2025 11:21:45 +0000
with message-id <736c7150dc08501cc89945035c406eaf9688e144.camel@adam-barratt.org.uk>
and subject line Closing requests for updates included in 13.2
has caused the Debian Bug report #1113711,
regarding trixie-pu: package libcommons-lang3-java/3.17.0-1+deb13u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1113711: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1113711
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: trixie
X-Debbugs-Cc: libcommons-lang3-java@packages.debian.org
Control: affects -1 + src:libcommons-lang3-java
User: release.debian.org@packages.debian.org
Usertags: pu


[ Reason ]

This upload attempts to fix CVE-2025-48924, an uncontrolled recursion
vulnerability that can lead to a StackOverflowError, for users of Debian
Trixie.

[ Impact ]

If the update is not approved, users might be affected by CVE-2025-48924.

[ Tests ]

The patch adds a new test to check if the fix is successful. I also did some
successful manual testing.

[ Risks ]

There is the risk of regression. But the patch is rather small and tested.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]

The patch uses the official rewrite that avoids the recursion.

[ Other info ]

The issue has been fixed in LTS as well and is going to be fixed in ELTS.


--- End Message ---
--- Begin Message ---
Package: release.debian.org
Version: 13.2

Hi,

The updates referenced in each of these bugs were included in today's
13.2 trixie point release.

Regards,

Adam

--- End Message ---
