-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 30 Jun 2025 23:44:12 +0200
Source: commons-vfs
Architecture: source
Version: 2.1-4+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Daniel Leidert <dleidert@debian.org>
Closes: 1101204
Changes:
 commons-vfs (2.1-4+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload by the Debian LTS team.
   * d/maven.properties: Force a Java 8 build.
   * d/patches/CVE-2025-27553.patch: Fix CVE-2025-27553 (closes: #1101204).
     Arnout Engelen discovered a Relative Path Traversal vulnerability in
     Commons VFS, a Java library that provides a single API for accessing
     various different file systems. A local or remote attacker may use this
     flaw to access files and directories outside of a root folder.
Checksums-Sha1:
 81d87d57a5168200e704969a6ea6a6a656a98150 2307 commons-vfs_2.1-4+deb12u1.dsc
 c0bbc09e0c32feff29bc381c0ac811582d3688e6 273272 commons-vfs_2.1.orig.tar.xz
 c584ce0f10f7d0cac105c2e2add817990bcc31b3 11096 commons-vfs_2.1-4+deb12u1.debian.tar.xz
 c33d9f683a6132cb027cbf3d85f578f262e8797a 15400 commons-vfs_2.1-4+deb12u1_amd64.buildinfo
Checksums-Sha256:
 2d69bd534151c2855f27a8922ae44ca4b26fd43024ad66fcfee907d2f8295a3d 2307 commons-vfs_2.1-4+deb12u1.dsc
 0a7a6d2f7515241fa5622ed5227b4464e521eecfc6d3924e02f03180e8f48f52 273272 commons-vfs_2.1.orig.tar.xz
 8d5b084147e3c2c558f391ed169bfe6b38f05ad3169ab7b8b841994292123021 11096 commons-vfs_2.1-4+deb12u1.debian.tar.xz
 62eb483bd71710dc7293fa3c940379aeb893adc4990364f333a9d6ef321060b7 15400 commons-vfs_2.1-4+deb12u1_amd64.buildinfo
Files:
 e8f04d1a80ec428287bb68466792d180 2307 java optional commons-vfs_2.1-4+deb12u1.dsc
 1ce77297ad403b477dafd27caf5f1ca1 273272 java optional commons-vfs_2.1.orig.tar.xz
 6af0cb82a3697b1b9c13145b0c02db3d 11096 java optional commons-vfs_2.1-4+deb12u1.debian.tar.xz
 f898a89e9a819520d96af1ec4c1b114c 15400 java optional commons-vfs_2.1-4+deb12u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEvu1N7VVEpMA+KD3HS80FZ8KW0F0FAmh4yF8ACgkQS80FZ8KW
0F1rBg/9EvLFobDq08vhetUsQ4fgluGcBmT8A2EyFpaOIkYECVrUp6fshvXjzirw
aKqYFoDJzWsXmfHsglyjQRxlBYJMXokiae2Ks4DJ0nXYpZdGr1B0r5J2aqMzKsGn
arIIMYC9pTz9UJCwmcwD5ZoiTmAZa5OebTDJhgZnIbY/CqzqoeY28lxZmbi6MO+w
d2nhInlyxBWmnyeBP1JOHHCkkJzj0O4Ndi400rnQ/EI9tlHUsaNSEFMuuo8GNGKc
GR8m4tPFyj+tBouGhdx44C8Dg5RaFi3KBaWKrQYcEO2j3f6b1rgtaSJZSmZRIlXV
qtd1JP7TtF/ngyXLGlF6N2SHe2P0MQ0tFpE5J+iZMZRfyTCZgS4DfQ95jmXSHz5r
LJkCj3/rsPX7Scu8F3UWazu2BicnG50o5vLEHWVxaqzHNvnOVNM57e7+E11+Kf9N
1zTuQCMh5a3Oo2r3NQeWDDTw6KJsydVq+9St85PidesJTt7RfoyFutyNVawwBwg5
X6LP+8R05XYUfv+yRtt7H7gSzZQD4LOXCd+XB/sladt1iBoUFed+mPfr4wk2nwyg
TF3D8cMuO+tcI/+4kEme4ZBaIIujVCz02UZefk0001u3of5jlW4ukTISeUbBBUh6
6eg1h5O9G70yozn2AbY5Kb7fC/1toYsZNVhlEGsuHKz+SV1gdqM=
=2fJc
-----END PGP SIGNATURE-----