This bug was fixed in the package libcommons-fileupload-java - 1.3-3
Sponsored for Artur Rona (ari-tczew)
---------------
libcommons-fileupload-java (1.3-3) unstable; urgency=low
* Set the project.build.sourceEncoding property to fix a test failure
(Closes: #730970)
* Removed the Servlet and the Portlet APIs from the runtime dependencies
since they are provided by the Servlet container.
* Install the upstream changelog
* debian/control:
- Standards-Version updated to 3.9.5 (no changes)
- Use canonical URLs for the Vcs-* fields
* Switch to debhelper level 9
-- Emmanuel Bourg <[email protected]> Tue, 03 Dec 2013 08:35:15 +0100
libcommons-fileupload-java (1.3-2.1) unstable; urgency=low
* Non-maintainer upload.
* Add CVE-2013-2186.patch patch.
CVE-2013-2186: Arbitrary file upload via deserialization. Properly validate
repository in org.apache.commons.fileupload.disk.DiskFileItem.
Thanks to Marc Deslauriers <[email protected]> for
providing the debdiff. (Closes: #726601)
-- Salvatore Bonaccorso <[email protected]> Fri, 15 Nov 2013 15:04:17
+0100
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1253847
Title:
Sync libcommons-fileupload-java 1.3-2.1 (universe) from Debian
unstable (main)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libcommons-fileupload-java/+bug/1253847/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
