This is an automated email from the git hooks/post-receive script. ebourg-guest pushed a commit to branch master in repository jsch.
commit cf0549125afad154e20023115bf4a749bc426c0e Author: Emmanuel Bourg <[email protected]> Date: Thu Sep 1 22:48:33 2016 +0200 Mark CVE-2016-5725 as fixed by the new version --- debian/changelog | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index 8456d86..50e0974 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,6 +1,11 @@ -jsch (0.1.53-2) UNRELEASED; urgency=medium +jsch (0.1.54-1) UNRELEASED; urgency=medium * Team upload. + * New upstream release + - Fixes CVE-2016-5725: Malicious SFTP servers may force a client-side + relative path traversal for recursive sftp-get allowing the server + to write files outside the clients download basedir with effective + permissions of the jsch sftp client process. * Standards-Version updated to 3.9.8 * Use secure Vcs-* URLs -- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/jsch.git _______________________________________________ pkg-java-commits mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-commits
