Package: release.debian.org
Severity: normal
Tags: trixie
X-Debbugs-Cc: [email protected]
Control: affects -1 + src:libcommons-lang3-java
User: [email protected]
Usertags: pu

[ Reason ]
This upload attempts to fix CVE-2025-48924, an uncontrolled recursion
vulnerability that can lead to a StackOverflowError, for users of Debian
Trixie.

[ Impact ]
If the update is not approved, users might be affected by CVE-2025-48924.

[ Tests ]
The patch adds a new test to check if the fix is successful. I also did some
successful manual testing.

[ Risks ]
There is the risk of regression. But the patch is rather small and tested.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
The patch uses the official rewrite that avoids the recursion.

[ Other info ]
The issue has been fixed in LTS as well and is going to be fixed in ELTS.

