Format: 1.8
Date: Tue, 17 Oct 2023 01:00:51 +0200
Source: axis
Binary: libaxis-java libaxis-java-doc
Architecture: all
Version: 1.4-29
Distribution: sid
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libaxis-java - SOAP implementation in Java
 libaxis-java-doc - SOAP implementation in Java (documentation)
Closes: 1051288
Changes:
 axis (1.4-29) unstable; urgency=medium
 .
   * Team upload.
   * Fix CVE-2023-40743:
     When integrating Apache Axis 1.x in an application, it may not have been
     obvious that looking up a service through "ServiceFactory.getService"
     allows potentially dangerous lookup mechanisms such as LDAP. When passing
     untrusted input to this API method, this could expose the application to
     DoS, SSRF and even attacks leading to RCE. (Closes: #1051288)
   * Switch to debhelper-compat = 13.
   * Declare compliance with Debian Policy 4.6.2.
Checksums-Sha1:
 c339a67a14e4d5ad00b15d7ec3708f1c78a9725b 10746 axis_1.4-29_arm64.buildinfo
 b4e971af1684ba82e4a1592edb8c620fdb1e59e1 1165308 libaxis-java-doc_1.4-29_all.deb
 a04c44135c248fb08c0ee6c34a4d3c110c6264d4 1511564 libaxis-java_1.4-29_all.deb
Checksums-Sha256:
 0e019ccbd0cfc4559194609456518558f75ebbb9855e117f3013f0ec5c10cbd2 10746 axis_1.4-29_arm64.buildinfo
 8bab8fe9ce1bc28d4e19c587cddec34259a0f726b9679e9f939eba61f1a80bb1 1165308 libaxis-java-doc_1.4-29_all.deb
 0c24d7fcd3e58aa5a29e67725c2f51fea3f394ddd6efe65ba9a329a27355a613 1511564 libaxis-java_1.4-29_all.deb
Files:
 e03f108af19b4175b925d155a94400c7 10746 java optional axis_1.4-29_arm64.buildinfo
 c45c5effc9f35f34a7954f773f92e37a 1165308 doc optional libaxis-java-doc_1.4-29_all.deb
 4096b7d5115bfd0c30136de13d591104 1511564 java optional libaxis-java_1.4-29_all.deb