Your message dated Mon, 06 Jan 2014 22:02:33 +0000 with message-id <e1w0ifl-0001yb...@franck.debian.org> and subject line Bug#726601: fixed in libcommons-fileupload-java 1.2.2-1+deb6u1 has caused the Debian Bug report #726601, regarding libcommons-fileupload-java: CVE-2013-2186 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 726601: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726601 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: libcommons-fileupload-java Severity: grave Tags: security Justification: user security hole Red Hat fixed a security issue Commons FileUpload: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2186 Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: libcommons-fileupload-java Source-Version: 1.2.2-1+deb6u1 We believe that the bug you reported is fixed in the latest version of libcommons-fileupload-java, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 726...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated libcommons-fileupload-java package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 21 Dec 2013 11:12:53 +0100 Source: libcommons-fileupload-java Binary: libcommons-fileupload-java libcommons-fileupload-java-doc Architecture: source all Version: 1.2.2-1+deb6u1 Distribution: squeeze-security Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Description: libcommons-fileupload-java - File upload capability to your servlets and web applications libcommons-fileupload-java-doc - Javadoc API documentation for Commons FileUploads Closes: 726601 Changes: libcommons-fileupload-java (1.2.2-1+deb6u1) squeeze-security; urgency=high . * Non-maintainer upload by the Security Team. * Add CVE-2013-2186.patch patch. CVE-2013-2186: Arbitrary file upload via deserialization. Properly validate repository in org.apache.commons.fileupload.disk.DiskFileItem. Thanks to Marc Deslauriers <marc.deslauri...@ubuntu.com> (Closes: #726601) Checksums-Sha1: 0659ff3343c66ffb693b10cb70ad5678a4388c0d 2329 libcommons-fileupload-java_1.2.2-1+deb6u1.dsc eac68561ffaa7412613458d5ac2d25d632f290bf 123220 libcommons-fileupload-java_1.2.2.orig.tar.gz 64ab16a040ce46ffcd20b840f3148453cb0296f2 6215 libcommons-fileupload-java_1.2.2-1+deb6u1.debian.tar.gz e6224adfd35436e38e70b7fd96f5fae1687704ae 53326 libcommons-fileupload-java_1.2.2-1+deb6u1_all.deb b8a3c68c840f691dc4246d9cad71e93b4f2c4a14 117858 libcommons-fileupload-java-doc_1.2.2-1+deb6u1_all.deb Checksums-Sha256: e9739c0f98381da0f66107731b59c21c818e5232f8e4b302e7da83936eac196b 2329 libcommons-fileupload-java_1.2.2-1+deb6u1.dsc 2f994b054b6514edd8d1bfe239db1dae5b7e581554d7c027c09d1b3afd832738 123220 libcommons-fileupload-java_1.2.2.orig.tar.gz eff51def523abb7c4081c66cd8b923989759c2fa6a99ab0c85e6ca723ddb8dd1 6215 libcommons-fileupload-java_1.2.2-1+deb6u1.debian.tar.gz 1694c7eb43ab507b9264b810526660ff619f768b2e19bc439b9a8e7d8a918b43 53326 libcommons-fileupload-java_1.2.2-1+deb6u1_all.deb 0b9a7b5f826e7ac40f9a78f1e3da215e35428e97d4160721d55ae40ad9f217b3 117858 libcommons-fileupload-java-doc_1.2.2-1+deb6u1_all.deb Files: 78dc4736bfd2e390566a871547e12360 2329 java optional libcommons-fileupload-java_1.2.2-1+deb6u1.dsc 9ec666ec10b4ffbc3b97a841dfd2c1d8 123220 java optional libcommons-fileupload-java_1.2.2.orig.tar.gz cafd1d184acdd1a93d441a48bf129574 6215 java optional libcommons-fileupload-java_1.2.2-1+deb6u1.debian.tar.gz d26f85e168f650357f07d97c46d9e721 53326 java optional libcommons-fileupload-java_1.2.2-1+deb6u1_all.deb e8affd66f1235ca95cbbf8bf6f54db1b 117858 doc optional libcommons-fileupload-java-doc_1.2.2-1+deb6u1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCgAGBQJStggEAAoJEAVMuPMTQ89EchoP/0Kyu7m3q6v5G/WXRH6FbiN6 hr8jxsRjL4jkOFnTEKEOfjAl6NTmALu/VmZtlap9Rtq2UbKSS1N65gbhFsxlkZZr 36AtAsAZzTegSsXotmWKzczJrgjnQbS9mguNjugWr+rHu8ZZey6frTA3/3ZJsJ14 JrEIldB2HzwDnUeiHgTxbs5gb9vMih6h5UPiAKNP6PRS4UNlq8gAJfxg8ugrulGI hS19RMJ7fw8kYgNUY+7b72jvnl+rdQ/5LlswU86EHFOMCgdXxDd/5U5KqPdsTJkP 4HZxOkfG1duNfxu9J9Daptx9YopZPLBgFIBld71LiFFKN+P26vv/y3MsmfGOfqp2 NqkE5XnJ5M3rDighxjl/9O6X9a2oo9Io4Z+OqJchiCDz0DH59TKQ4aYCXpX+aHvJ aVD/FOfqEiHCqj5I443HJy0dMA6rQKKdn6ZvXdrRzmUtPQ2oneFnzxckNN7J5waM qB5hDMKL15PMWDCqqBuOejjOEFbHmRo3tSdTZkdVi2i3BvhiIBl2+sIGmxKonrXF o5Fk/bHI2WKXgouzdru8hhIPO5c3if0+vbfCGxC17SK3bkXP+h92izAtNcKFquFa 9rg045HWJiUBo1W9kvQRDe8UbL1ekyLlyGK/UArCLDK/WH4IQXypSCLYWI6bs5Rv M5G7YMJR8WEOt7Iv7GS4 =o8c/ -----END PGP SIGNATURE-----
--- End Message ---
__ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
