Format: 1.8 Date: Tue, 27 Dec 2022 16:24:48 +0100 Source: libcommons-net-java Binary: libcommons-net-java Architecture: all Version: 3.9.0-1 Distribution: sid Urgency: medium Maintainer: Debian Java Maintainers Changed-By: Markus Koschany Description: libcommons-net-java - Apache Commons Net - Java client API for basic Internet protocols Closes: 1025910 Changes: libcommons-net-java (3.9.0-1) unstable; urgency=medium . * Team upload. * New upstream version 3.9.0. (Closes: #1025910) Fix CVE-2021-37533: Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. * Declare compliance with Debian Policy 4.6.2. * debian:/control: - Switch to debhelper-compat = 13. - Use canonical VCS URI. - Update homepage URL. - Remove obsolete Breaks and Replaces. * Remove get-orig-source target. * Update debian/watch and track github releases. * Drop orig-tar.sh script. * Drop libcommons-net-java-doc binary package. Checksums-Sha1: 87ad204ebdebc556e466bdd828370f5bf6e6d7d4 293880 libcommons-net-java_3.9.0-1_all.deb de414aa45efef2575557b77c978d5ae93c2a590d 14252 libcommons-net-java_3.9.0-1_arm64.buildinfo Checksums-Sha256: d04f9567b418e8804071080168396462588e50cb19bbd68a3bd2b0ab773f8395 293880 libcommons-net-java_3.9.0-1_all.deb dffdc4c76f77c3054eb8d00ef4bd4f948ac7a43a89abe394a1da5ce244f3c10f 14252 libcommons-net-java_3.9.0-1_arm64.buildinfo Files: f5da244ac7443e566d4ab62b9c71e03f 293880 java optional libcommons-net-java_3.9.0-1_all.deb 26f10b240eaf7c0beab473631d4988f1 14252 java optional libcommons-net-java_3.9.0-1_arm64.buildinfo