Your message dated Mon, 06 Jan 2014 21:47:05 +0000
with message-id <e1w0i0n-0007bq...@franck.debian.org>
and subject line Bug#726601: fixed in libcommons-fileupload-java 1.2.2-1+deb7u1
has caused the Debian Bug report #726601,
regarding libcommons-fileupload-java: CVE-2013-2186
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
726601: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726601
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libcommons-fileupload-java
Severity: grave
Tags: security
Justification: user security hole

Red Hat fixed a security issue Commons FileUpload:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2186

Cheers,
        Moritz

--- End Message ---
--- Begin Message ---
Source: libcommons-fileupload-java
Source-Version: 1.2.2-1+deb7u1

We believe that the bug you reported is fixed in the latest version of
libcommons-fileupload-java, which is due to be installed in the Debian FTP 
archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 726...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated 
libcommons-fileupload-java package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 21 Dec 2013 22:33:27 +0100
Source: libcommons-fileupload-java
Binary: libcommons-fileupload-java libcommons-fileupload-java-doc
Architecture: source all
Version: 1.2.2-1+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Debian Java Maintainers 
<pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Description: 
 libcommons-fileupload-java - File upload capability to your servlets and web 
applications
 libcommons-fileupload-java-doc - Javadoc API documentation for Commons 
FileUploads
Closes: 726601
Changes: 
 libcommons-fileupload-java (1.2.2-1+deb7u1) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Add CVE-2013-2186.patch patch.
     CVE-2013-2186: Arbitrary file upload via deserialization. Properly
     validate repository in org.apache.commons.fileupload.disk.DiskFileItem.
     Thanks to Marc Deslauriers <marc.deslauri...@ubuntu.com> (Closes: #726601)
   * Add --java-lib to libcommons-fileupload-java.poms.
     In the resulting binary package the file commons-fileupload.jar in
     /usr/share/java is missing when rebuilding the package under wheezy.
     Thanks to Emmanuel Bourg <ebo...@apache.org>
Checksums-Sha1: 
 41dbaf099f71ecd5f88b3f19e83708defb7e563b 2439 
libcommons-fileupload-java_1.2.2-1+deb7u1.dsc
 b2332ba704f8ce8884cbb6922197d345d4e21670 6053 
libcommons-fileupload-java_1.2.2-1+deb7u1.debian.tar.gz
 fd007668d38b425f723eba18c30272471ee709ae 54366 
libcommons-fileupload-java_1.2.2-1+deb7u1_all.deb
 3ae3f989241b6390bc662368e67631f1f690c847 375812 
libcommons-fileupload-java-doc_1.2.2-1+deb7u1_all.deb
Checksums-Sha256: 
 3c2ccb347ce4b1aca796e1a7871de32509043c531bb6b511ce9b10d895f49c37 2439 
libcommons-fileupload-java_1.2.2-1+deb7u1.dsc
 54db444d51787bb8e9fdef3f56e0eec7684627eac688305af6975709bd0e287a 6053 
libcommons-fileupload-java_1.2.2-1+deb7u1.debian.tar.gz
 b3eb7778554a306cb503aa024259527a8111bf8c728a3a1f51e876d24eb792cd 54366 
libcommons-fileupload-java_1.2.2-1+deb7u1_all.deb
 e134465e68068449e1c20e4683419aa342804f76903d0755145a5043e0efc96e 375812 
libcommons-fileupload-java-doc_1.2.2-1+deb7u1_all.deb
Files: 
 2e35c8386cdc67e6f6041d25454fa23f 2439 java optional 
libcommons-fileupload-java_1.2.2-1+deb7u1.dsc
 e153306eaa6e4519c5a5e4aac144101f 6053 java optional 
libcommons-fileupload-java_1.2.2-1+deb7u1.debian.tar.gz
 eb4886058f3f2ff3930b3ad7e71e32b5 54366 java optional 
libcommons-fileupload-java_1.2.2-1+deb7u1_all.deb
 a82892ed01e4d5c0220b695f2ff005a1 375812 doc optional 
libcommons-fileupload-java-doc_1.2.2-1+deb7u1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCgAGBQJSuDL4AAoJEAVMuPMTQ89EzQQQAKK5NU/VQ9UAeBMkXLW2GXiW
my6SptSAMPxDhjBvS9pknxQCO1+5uX0dqg09x/SsFBA2q7Hb4J9vxXW2swJr7L8H
jtTn2lwJ7nI16GBGbx/GQQiJHv7fBaXSr5EFtXs7f+hH6uji5ZY5W204xiytD73O
dBac2rp9Lqs9YZZ6IUNy3aqLrHfpHB1DWwX5Tn1JMl2tkD+okk7GrzrH07JiaGO0
D2Ot7ITncsUWRSUILQzAnB1pP08hFcmatdN5UEcYKo8lbfx3Zt8tczlsZ7BdCFbo
4DxJIT6rMUdcejYDPRa6M9wFLytV38wdr13MJcSvCS214GbO9ib21PTTORdVwmra
3qrVY/z5D5u3+JOoWBxdUT7ZZogE3yC+gML2yeZrXTuYbYbqWg6ziX4mLK4WzzH2
RhXdpRg6jXKXflrphySIiYTlmLiRY1q8jFP0etC1/m04yf07wdnokRdiqbb3auk6
yl87nfSgkRlm3XXNceOH9paqPx4UBsi0wgaDXux4mEquvffenQLPqvT1l23q28f+
dF6qfzKHxL1lPDCGPWnkp21jVFFDGK9mFvg4i/XequdEZ3aOLLUC+rHOnh8hz7AU
2T2uNFU/G91TBVWwRg2t0aTe+tiLTdd4OawXT8bspU9rGSm7+wANw+53qHjUXnl6
N+CKtK20Pur23GqeZo4t
=yFEw
-----END PGP SIGNATURE-----

--- End Message ---
__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Reply via email to