libcommons-net-java (3.9.0-1)
[PTS] [DDPO]
COMMITS: VCS has seen 2 commits since the debian/3.9.0-1 tag
- Git: https://salsa.debian.org/java-team/libcommons-net-java.git
-
- Branch: master
- Path: debian/changelog
- Repo size: 286720
- Browser: https://salsa.debian.org/java-team/libcommons-net-java
- Last scan: 2025-10-10 22:13:02+00
- Next scan: 2025-10-17 19:36:00+00
- Debian changelog in Git:
libcommons-net-java (3.9.0-1) unstable; urgency=medium
* Team upload.
* New upstream version 3.9.0. (Closes: #1025910)
Fix CVE-2021-37533: Prior to Apache Commons Net 3.9.0, Net's FTP client
trusts the host from PASV response by default. A malicious server can
redirect the Commons Net code to use a different host, but the user has to
connect to the malicious server in the first place. This may lead to
leakage of information about services running on the private network of the
client. The default in version 3.9.0 is now false to ignore such hosts, as
cURL does.
* Declare compliance with Debian Policy 4.6.2.
* debian:/control:
- Switch to debhelper-compat = 13.
- Use canonical VCS URI.
- Update homepage URL.
- Remove obsolete Breaks and Replaces.
* Remove get-orig-source target.
* Update debian/watch and track github releases.
* Drop orig-tar.sh script.
* Drop libcommons-net-java-doc binary package.
-- Markus Koschany <apo@debian.org> Tue, 27 Dec 2022 16:24:48 +0100
- This branch is 2 commits ahead of tag debian/3.9.0-1
- Git log:
commit e3f60b4909ff4f947773a36a54a12f8491605793
Merge: d4fc851 9b191bb
Author: Alexandre Detiste <alexandre.detiste@gmail.com>
Date: Thu Sep 4 18:25:17 2025 +0200
Merge branch 'multiarch-fixes' into 'master'
Apply multi-arch hints
See merge request java-team/libcommons-net-java!1
commit 9b191bb30df38ff5280a8d6896658b853c73554f
Author: Debian Janitor <janitor@jelmer.uk>
Date: Sat Apr 8 20:30:05 2023 +0000
Apply multi-arch hints.
+ libcommons-net-java: Add Multi-Arch: foreign.
Changes-By: apply-multiarch-hints
