Format: 1.8
Date: Wed, 04 Aug 2021 13:31:34 +0200
Source: xmlgraphics-commons
Architecture: source
Version: 2.3-1+deb10u1
Distribution: buster
Urgency: medium
Maintainer: Debian Java Maintainers
Changed-By: Markus Koschany
Closes: 984949
Changes:
 xmlgraphics-commons (2.3-1+deb10u1) buster; urgency=medium
 .
   * Team upload.
   * Fix CVE-2020-11988:
     Apache XmlGraphics Commons is vulnerable to server-side request forgery,
     caused by improper input validation by the XMPParser. By using a
     specially-crafted argument, an attacker could exploit this vulnerability
     to cause the underlying server to make arbitrary GET requests.
     (Closes: #984949)
Checksums-Sha1:
 3a9c6462b81f092d7a576ebce93e8641b7869952 2538 xmlgraphics-commons_2.3-1+deb10u1.dsc
 450b1305d489ccd3a818e799d49dd202be27e04a 8356 xmlgraphics-commons_2.3-1+deb10u1.debian.tar.xz
 d6b9778bdece75e0e9042dd239ea99a1116815a2 14091 xmlgraphics-commons_2.3-1+deb10u1_amd64.buildinfo
Checksums-Sha256:
 822914cc6da4cfb5d1916086ab6ce477390ad3d9edc0d88c0304c9e75d9da862 2538 xmlgraphics-commons_2.3-1+deb10u1.dsc
 80baa84cc954da85a56fc4865c82e08799c7da5e7ba131c752ab8ea9f1ed7839 8356 xmlgraphics-commons_2.3-1+deb10u1.debian.tar.xz
 b521799b4450289b75e42b16e7ba2e75eaf2cd2bdc43ed0f7491f8e0797ac85e 14091 xmlgraphics-commons_2.3-1+deb10u1_amd64.buildinfo
Files:
 cf3c1fb9847c2559750d44333d600925 2538 java optional xmlgraphics-commons_2.3-1+deb10u1.dsc
 830970944a7d10743b29e50f8e7f4e78 8356 java optional xmlgraphics-commons_2.3-1+deb10u1.debian.tar.xz
 61dd71fd38fbdc0d99fd83b3f390b969 14091 java optional xmlgraphics-commons_2.3-1+deb10u1_amd64.buildinfo