Public bug reported: Please sync libcommons-fileupload-java 1.3-2.1 (universe) from Debian unstable (main)
Explanation of the Ubuntu delta and why it can be dropped: * SECURITY UPDATE: arbitrary file overwrite via poison null byte - debian/patches/CVE-2013-2186.patch: properly validate repository in src/main/java/org/apache/commons/fileupload/disk/DiskFileItem.java. - CVE-2013-2186 Debian has merged Ubuntu changes. Changelog entries since current trusty version 1.3-2ubuntu1: libcommons-fileupload-java (1.3-2.1) unstable; urgency=low * Non-maintainer upload. * Add CVE-2013-2186.patch patch. CVE-2013-2186: Arbitrary file upload via deserialization. Properly validate repository in src/main/java/org/apache/commons/fileupload/disk/DiskFileItem.java. Thanks to Marc Deslauriers <marc.deslauri...@ubuntu.com> for providing the debdiff. (Closes: #726601) -- Salvatore Bonaccorso <car...@debian.org> Fri, 15 Nov 2013 15:04:17 +0100 ** Affects: libcommons-fileupload-java (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libcommons-fileupload-java in Ubuntu. https://bugs.launchpad.net/bugs/1253847 Title: Sync libcommons-fileupload-java 1.3-2.1 (universe) from Debian unstable (main) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libcommons-fileupload-java/+bug/1253847/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs