-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 30 Jun 2025 23:44:12 +0200
Source: commons-vfs
Binary: libcommons-vfs-java
Architecture: all
Version: 2.1-4+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: all Build Daemon (x86-grnet-02) <buildd_all-x86-grnet-02@buildd.debian.org>
Changed-By: Daniel Leidert <dleidert@debian.org>
Description:
 libcommons-vfs-java - Java API for accessing various filesystems
Closes: 1101204
Changes:
 commons-vfs (2.1-4+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload by the Debian LTS team.
   * d/maven.properties: Force a Java 8 build.
   * d/patches/CVE-2025-27553.patch: Fix CVE-2025-27553 (closes: #1101204).
     Arnout Engelen discovered a Relative Path Traversal vulnerability in
     Commons VFS, a Java library that provides a single API for accessing
     various different file systems. A local or remote attacker may use this
     flaw to access files and directories outside of a root folder.
Checksums-Sha1:
 6c5f2ec224ec3d193c07fd4a5edfe761649364d9 14796 commons-vfs_2.1-4+deb12u1_all-buildd.buildinfo
 a89d3ebf9c0172cf478c08724dbafa3f3b884724 374388 libcommons-vfs-java_2.1-4+deb12u1_all.deb
Checksums-Sha256:
 6552bf5474b913703012af23f741113acb279c1d2d69abf6d99cf0c094b4d106 14796 commons-vfs_2.1-4+deb12u1_all-buildd.buildinfo
 9da8a6040cf04087f2965a98c4f155ee08a2f4ad280fd412327faa38db1d6a4e 374388 libcommons-vfs-java_2.1-4+deb12u1_all.deb
Files:
 cfd001c6fb0fb5d93014443c9517d30b 14796 java optional commons-vfs_2.1-4+deb12u1_all-buildd.buildinfo
 b50ab3998a0220b08e100ab748e51222 374388 java optional libcommons-vfs-java_2.1-4+deb12u1_all.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEj4Fym5GgeZdPqKhrJm69HxMTN+oFAmiHOSEACgkQJm69HxMT
N+qq0g//WbQGESwX/iHJ7Q3wr2eVz8Tt/lf1p8A1KnwY+633SgSf8MToIC6LTU4D
Tiw8kHUNG86wD87ogAw6FfG1tIXLUY+PmJxJsVXgFHJMK/P2Kle5GMyjeRMP8syp
Ex7v91BxRyxxiSqbbRW86HccpewxZJVCRVEb1kVoKAFvyxWa5VA8naizsKU9Q+1H
3MiHJZJu3lN7hztr9EzzOprejOp7zDmC9MX5eiA1oq5WWf2rrHW48cArSnHuR4rV
49zcgqA5nwbpITJbkplNwReha2i41o8q1/JMG+ZgHBiuSwp7/tu6FKr+DXMCrNim
5qkKjBTN51Da/VLEi+AYlRK8TGSfo5HtrJBjp5bK8zXM4OJGW1ihW+R7QYwAVxBA
QYPVaqsm3v9rYMHThYYODOA1rhOWfryjep4qIPcQU4yXP9o2LKD4TNeC61GZ6LlH
1RTZzr+W3PcXJ4s1b45Tyql2tEn57U2WQXQMnsINR6o6VtJgqMIqC/WvME4Tz4rf
NPhpw442iGc02vRwN19X5p8m37k0Fc4GYZ2iZOcBWK3OiCOITW3jHGtYp0Byr8Xq
SFzsHoi2UOK+Fmn4GbzANRRqXWF3LnRu5i1OEKlQBwJ2S+2Z1TF6bnCrWCsqVmtl
p3ceOT0+nknEeys+hZyRknKeGazaZR0mbsTklLT/YaDcRCTEgZs=
=Sjpw
-----END PGP SIGNATURE-----