libcommons-net-java (3.9.0-1)
OK: VCS matches the version in the archive
- Git: https://salsa.debian.org/java-team/libcommons-net-java.git
- Branch: master
- Path: debian/changelog
- Repo size: 135168
- Browser: https://salsa.debian.org/java-team/libcommons-net-java
- Last scan: 2024-11-17 20:51:06+00
- Next scan: 2024-11-26 17:09:00+00
- Merge requests: 1
- Debian changelog in Git:
libcommons-net-java (3.9.0-1) unstable; urgency=medium

  * Team upload.
  * New upstream version 3.9.0. (Closes: #1025910)
    Fix CVE-2021-37533: Prior to Apache Commons Net 3.9.0, Net's FTP client
    trusts the host from PASV response by default. A malicious server can
    redirect the Commons Net code to use a different host, but the user has to
    connect to the malicious server in the first place. This may lead to
    leakage of information about services running on the private network of the
    client. The default in version 3.9.0 is now false to ignore such hosts, as
    cURL does.
  * Declare compliance with Debian Policy 4.6.2.
  * debian:/control:
    - Switch to debhelper-compat = 13.
    - Use canonical VCS URI.
    - Update homepage URL.
    - Remove obsolete Breaks and Replaces.
  * Remove get-orig-source target.
  * Update debian/watch and track github releases.
  * Drop orig-tar.sh script.
  * Drop libcommons-net-java-doc binary package.

 -- Markus Koschany <apo@debian.org>  Tue, 27 Dec 2022 16:24:48 +0100
- This branch is even with tag debian/3.9.0-1