libcommons-net-java (3.9.0-1) unstable; urgency=medium
* Team upload.
* New upstream version 3.9.0. (Closes: #1025910)
Fix CVE-2021-37533: Prior to Apache Commons Net 3.9.0, Net's FTP client
trusts the host from PASV response by default. A malicious server can
redirect the Commons Net code to use a different host, but the user has to
connect to the malicious server in the first place. This may lead to
leakage of information about services running on the private network of the
client. The default in version 3.9.0 is now false to ignore such hosts, as
cURL does.
* Declare compliance with Debian Policy 4.6.2.
* debian:/control:
- Switch to debhelper-compat = 13.
- Use canonical VCS URI.
- Update homepage URL.
- Remove obsolete Breaks and Replaces.
* Remove get-orig-source target.
* Update debian/watch and track github releases.
* Drop orig-tar.sh script.
* Drop libcommons-net-java-doc binary package.
-- Markus Koschany <email address hidden> Tue, 27 Dec 2022 16:24:48 +0100
