axis (1.4-29)
[PTS] [DDPO]
OK: VCS matches the version in the archive
- Git: https://salsa.debian.org/java-team/axis.git
-
- Branch: master
- Path: debian/changelog
- Repo size: 671744
- Browser: https://salsa.debian.org/java-team/axis
- Last scan: 2024-10-08 18:27:10+00
- Next scan: 2024-10-15 02:11:00+00
- Merge requests: 1
- Debian changelog in Git:
axis (1.4-29) unstable; urgency=medium
* Team upload.
* Fix CVE-2023-40743:
When integrating Apache Axis 1.x in an application, it may not have been
obvious that looking up a service through "ServiceFactory.getService"
allows potentially dangerous lookup mechanisms such as LDAP. When passing
untrusted input to this API method, this could expose the application to
DoS, SSRF and even attacks leading to RCE. (Closes: #1051288)
* Switch to debhelper-compat = 13.
* Declare compliance with Debian Policy 4.6.2.
-- Markus Koschany <apo@debian.org> Tue, 17 Oct 2023 01:00:51 +0200
- This branch is even with tag debian/1.4-29