-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 29 Dec 2022 21:02:44 +0100 Source: libcommons-net-java Binary: libcommons-net-java libcommons-net-java-doc Architecture: all Version: 3.6-1+deb11u1 Distribution: bullseye-security Urgency: high Maintainer: all Build Daemon (x86-csail-02) Changed-By: Markus Koschany Description: libcommons-net-java - Apache Commons Net - Java client API for basic Internet protocols libcommons-net-java-doc - Apache Commons Net (API documentation) Closes: 1025910 Changes: libcommons-net-java (3.6-1+deb11u1) bullseye-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2021-37533: ZeddYu Lu discovered that the FTP client of Apache Commons Net, a Java client API for basic Internet protocols, trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. (Closes: #1025910) Checksums-Sha1: e42d7067cbc97d286e9ec796a75b7730c12740b9 552368 libcommons-net-java-doc_3.6-1+deb11u1_all.deb 63db76e1f72a5d130c8844867282d37aa8b3925d 14032 libcommons-net-java_3.6-1+deb11u1_all-buildd.buildinfo b394134795b35fa1e8a0bcf3708626e36ed2ba0c 284328 libcommons-net-java_3.6-1+deb11u1_all.deb Checksums-Sha256: a56ccc057d6a010870081dfe7dbdc4e34cf5a32a3d6b8fd515f4d8a165da8cfe 552368 libcommons-net-java-doc_3.6-1+deb11u1_all.deb 3bfa01699926183d6f53cdd39108912040bd82e79129ce4844c7f990819da226 14032 libcommons-net-java_3.6-1+deb11u1_all-buildd.buildinfo bbb5d44f3a310acf4afd35c309041b3d5d42916b524ddb3f5a4f60bc46c34134 284328 libcommons-net-java_3.6-1+deb11u1_all.deb Files: 0ace39c44505902f2492386dc37caf00 552368 doc optional libcommons-net-java-doc_3.6-1+deb11u1_all.deb 31cae2f74cdaaf0ab8210b41cfce0738 14032 java optional libcommons-net-java_3.6-1+deb11u1_all-buildd.buildinfo 6dbdeac7d4527de20302b8bc39cee4a6 284328 java optional libcommons-net-java_3.6-1+deb11u1_all.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEEfeZ4tM1TNG7DMXxJGSMJV360gIFAmOuAKEACgkQJGSMJV36 0gKcpg/9HHirN+wZii2yu2oKi65nyVxG2CSS5MqLFltdo6L0eKGSCP/GKT62QR6M FoiXPlOhbyAo4WGotNdki7YkFl8gFdGX4PPOOymKCux1AVNKExW+gEtIdwxyuluz X+UrP2hrGTEvUoHwyWYT0eou5qZEMoXU1VYAgb7TDTib5n3gg2mqfg+CSlByQVVV fq5VttxphoKCHlfhd+T3HmMF5V8Lcp9OI0RAwz3ABSfUnHp5Pe6UNbaGpDgMSRcK tDpD5BBPdwQ19fobJpV4wPazUhRVvewc6F23Xk4X32veOA0ZSEfu46g7hXq1i/ez kbhQRFTGoxxYHs9ZZdl+m32YfvjMQO0I2Vr/fLTkvzbUdUbanrTrCNpNxEv8hGtI px+286WTU1/DCLd/Lx07hioZlZDZybt8muj0skqqC36V48U60mQfCTHUEK/jg2hV SElwSi05MJR2DkXiG+naEw/RxpFkfALGgnSPAT5YVUG8an/M29kPOlZXfMB2F0JE s5lrJpgNs1FfOi1skAqFnpBx+j3jtjl94qmQyRHmK2uwjHFy9fhYdBTlwHCf1DWT pQ4JOXQ0sYmggWzDMx6/EDJSigGb484fW6h1lRFWaKe1GoQ+dye33AD4WdUVzaI9 zsngLKMM80pcg4L7k2oljG4LbX85bYufFg7idcTLhPU26626m3k= =upTC -----END PGP SIGNATURE-----