Package: release.debian.org
Severity: normal
Tags: trixie
X-Debbugs-Cc: [email protected]
Control: affects -1 + src:libcommons-lang-java
User: [email protected]
Usertags: pu

[ Reason ]
This upload attempts to fix CVE-2025-48924, an uncontrolled recursion vulnerability that can lead to a StackOverflowError, for users of Debian Trixie.

[ Impact ]
If the update is not approved, users might be affected by CVE-2025-48924.

[ Tests ]
The patch adds a new test to check if the fix is successful. I also did some successful manual testing.

[ Risks ]
There is the risk of regression. But the patch is rather small and tested.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
The patch uses (a backported) rewrite that avoids the recursion.

[ Other info ]
The issue has been fixed in LTS/ELTS as well.

