Publishing details

Published on 2018-11-13
Copied from ubuntu xenial in Private PPA for Ubuntu Security Team by Mike Salvatore

Changelog

plexus-archiver (2.2-1+deb9u1build0.16.04.1) xenial-security; urgency=medium

  * fake sync from Debian

plexus-archiver (2.2-1+deb9u1) stretch-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Fail when trying to extract outside of dest dir (CVE-2018-1002200)
    Fixes arbitrary file write vulnerability using a specially crafted zip
    file. (Closes: #900953)

 -- Mike Salvatore <email address hidden>  Fri, 09 Nov 2018 11:14:32 -0500

Available diffs

diff from 2.2-1 (in Debian) to 2.2-1+deb9u1build0.16.04.1 (1.4 KiB)

Builds

amd64

Built packages

libplexus-archiver-java Archiver plugin for the Plexus compiler system

Package files

libplexus-archiver-java_2.2-1+deb9u1build0.16.04.1_all.deb (167.4 KiB)
plexus-archiver_2.2-1+deb9u1build0.16.04.1.debian.tar.xz (4.9 KiB)
plexus-archiver_2.2-1+deb9u1build0.16.04.1.dsc (2.3 KiB)
plexus-archiver_2.2.orig.tar.gz (133.0 KiB)