Publishing details

Published on 2018-11-13
Copied from ubuntu trusty in Private PPA for Ubuntu Security Team by Mike Salvatore

Changelog

plexus-archiver (1.2-1+deb8u1build0.14.04.1) trusty-security; urgency=medium

  * fake sync from Debian

plexus-archiver (1.2-1+deb8u1) jessie-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Fail when trying to extract outside of dest dir (CVE-2018-1002200)
    Fixes arbitrary file write vulnerability using a specially crafted zip
    file. (Closes: #900953)

 -- Mike Salvatore <email address hidden>  Fri, 09 Nov 2018 11:18:57 -0500

Available diffs

diff from 1.2-1 (in Debian) to 1.2-1+deb8u1build0.14.04.1 (1.4 KiB)

Builds

i386

Built packages

libplexus-archiver-java Archiver plugin for the Plexus compiler system

Package files

libplexus-archiver-java_1.2-1+deb8u1build0.14.04.1_all.deb (161.7 KiB)
plexus-archiver_1.2-1+deb8u1build0.14.04.1.debian.tar.gz (4.6 KiB)
plexus-archiver_1.2-1+deb8u1build0.14.04.1.dsc (2.3 KiB)
plexus-archiver_1.2.orig.tar.gz (123.0 KiB)