libcommons-compress-java (1.18-1) [PTS] [DDPO]

OK: VCS matches the version in the archive

Git: https://salsa.debian.org/java-team/libcommons-compress-java.git
Enter a full Vcs-* header, supported schemes are: Vcs-Bzr, Vcs-Cvs, Vcs-Darcs, Vcs-Git, Vcs-Hg, Vcs-Mtn, Vcs-Svn.
For Vcs-Git append -b branch to select the branch name; append [subdir] if the debian/ directory is not in the repository root.
The next upload will reset the information from the source package headers.
Branch: master
Path: debian/changelog
Browser: https://salsa.debian.org/java-team/libcommons-compress-java
Last scan: 2018-12-15 03:12:18+00
Next scan: 2018-12-16 00:22:00+00

Debian changelog in Git:

libcommons-compress-java (1.18-1) unstable; urgency=medium

  * Team upload.
  * New upstream version 1.18.
    - Fix CVE-2018-11771.
      When reading a specially crafted ZIP archive, the read method of Apache
      Commons Compress ZipArchiveInputStream can fail to return the correct EOF
      indication after the end of the stream has been reached. When combined
      with a java.io.InputStreamReader this can lead to an infinite stream,
      which can be used to mount a denial of service attack against services
      that use Compress' zip package. Thanks to Salvatore Bonaccorso for the
      report. (Closes: #906301)
  * Declare compliance with Debian Policy 4.2.0.

 -- Markus Koschany <apo@debian.org>  Wed, 22 Aug 2018 21:43:55 +0200

This branch is even with tag debian/1.18-1