Debian Bug report logs - #726601
libcommons-fileupload-java: CVE-2013-2186

version graph

Package: libcommons-fileupload-java; Maintainer for libcommons-fileupload-java is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Source for libcommons-fileupload-java is src:libcommons-fileupload-java.

Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Thu, 17 Oct 2013 05:39:02 UTC

Severity: grave

Tags: fixed-upstream, patch, security, upstream

Found in versions libcommons-fileupload-java/1.2.2-1, libcommons-fileupload-java/1.3-2

Fixed in versions libcommons-fileupload-java/1.3-2.1, libcommons-fileupload-java/1.2.2-1+deb7u1, libcommons-fileupload-java/1.2.2-1+deb6u1

Done: Salvatore Bonaccorso <carnil@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>:
Bug#726601; Package libcommons-fileupload-java. (Thu, 17 Oct 2013 05:39:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>. (Thu, 17 Oct 2013 05:39:07 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libcommons-fileupload-java: CVE-2013-218
Date: Thu, 17 Oct 2013 07:29:37 +0200
Package: libcommons-fileupload-java
Severity: grave
Tags: security
Justification: user security hole

Red Hat fixed a security issue Commons FileUpload:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2186

Cheers,
        Moritz



Information forwarded to debian-bugs-dist@lists.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>:
Bug#726601; Package libcommons-fileupload-java. (Wed, 13 Nov 2013 15:18:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Marc Deslauriers <marc.deslauriers@ubuntu.com>:
Extra info received and forwarded to list. Copy sent to Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>. (Wed, 13 Nov 2013 15:18:04 GMT) Full text and rfc822 format available.

Message #10 received at 726601@bugs.debian.org (full text, mbox):

From: Marc Deslauriers <marc.deslauriers@ubuntu.com>
To: Debian Bug Tracking System <726601@bugs.debian.org>
Subject: Re: libcommons-fileupload-java: CVE-2013-218
Date: Wed, 13 Nov 2013 10:15:16 -0500
[Message part 1 (text/plain, inline)]
Package: libcommons-fileupload-java
Version: 1.3-2
Followup-For: Bug #726601
User: ubuntu-devel@lists.ubuntu.com
Usertags: origin-ubuntu trusty ubuntu-patch



*** /tmp/tmpA8shKI/bug_body

In Ubuntu, the attached patch was applied to achieve the following:

  * SECURITY UPDATE: arbitrary file overwrite via poison null byte
    - debian/patches/CVE-2013-2186.patch: properly validate repository in
      src/main/java/org/apache/commons/fileupload/disk/DiskFileItem.java.
    - CVE-2013-2186


Thanks for considering the patch.


-- System Information:
Debian Release: wheezy/sid
  APT prefers saucy-updates
  APT policy: (500, 'saucy-updates'), (500, 'saucy-security'), (500, 'saucy-proposed'), (500, 'saucy'), (100, 'saucy-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.11.0-13-generic (SMP w/4 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
[libcommons-fileupload-java_1.3-2ubuntu1.debdiff (text/x-diff, attachment)]

Changed Bug title to 'libcommons-fileupload-java: CVE-2013-2186' from 'libcommons-fileupload-java: CVE-2013-218' Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 15 Nov 2013 14:03:10 GMT) Full text and rfc822 format available.

Added tag(s) upstream, fixed-upstream, and patch. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 15 Nov 2013 14:09:04 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>:
Bug#726601; Package libcommons-fileupload-java. (Fri, 15 Nov 2013 14:24:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>. (Fri, 15 Nov 2013 14:24:04 GMT) Full text and rfc822 format available.

Message #19 received at 726601@bugs.debian.org (full text, mbox):

From: Salvatore Bonaccorso <carnil@debian.org>
To: 726601@bugs.debian.org
Subject: libcommons-fileupload-java: diff for NMU version 1.3-2.1
Date: Fri, 15 Nov 2013 15:22:05 +0100
[Message part 1 (text/plain, inline)]
tags 726601 + pending
thanks

Dear maintainer,

I've prepared an NMU for libcommons-fileupload-java (versioned as 1.3-2.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.

Regards,
Salvatore
[libcommons-fileupload-java-1.3-2.1-nmu.diff (text/x-diff, attachment)]

Added tag(s) pending. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 15 Nov 2013 14:24:07 GMT) Full text and rfc822 format available.

Reply sent to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility. (Sun, 17 Nov 2013 19:51:05 GMT) Full text and rfc822 format available.

Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Sun, 17 Nov 2013 19:51:05 GMT) Full text and rfc822 format available.

Message #26 received at 726601-close@bugs.debian.org (full text, mbox):

From: Salvatore Bonaccorso <carnil@debian.org>
To: 726601-close@bugs.debian.org
Subject: Bug#726601: fixed in libcommons-fileupload-java 1.3-2.1
Date: Sun, 17 Nov 2013 19:48:29 +0000
Source: libcommons-fileupload-java
Source-Version: 1.3-2.1

We believe that the bug you reported is fixed in the latest version of
libcommons-fileupload-java, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 726601@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated libcommons-fileupload-java package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 15 Nov 2013 15:04:17 +0100
Source: libcommons-fileupload-java
Binary: libcommons-fileupload-java libcommons-fileupload-java-doc
Architecture: source all
Version: 1.3-2.1
Distribution: unstable
Urgency: low
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description: 
 libcommons-fileupload-java - File upload capability to your servlets and web applications
 libcommons-fileupload-java-doc - Javadoc API documentation for Commons FileUploads
Closes: 726601
Changes: 
 libcommons-fileupload-java (1.3-2.1) unstable; urgency=low
 .
   * Non-maintainer upload.
   * Add CVE-2013-2186.patch patch.
     CVE-2013-2186: Arbitrary file upload via deserialization. Properly
     validate repository in src/main/java/org/apache/commons/fileupload/disk/DiskFileItem.java.
     Thanks to Marc Deslauriers <marc.deslauriers@ubuntu.com> for
     providing the debdiff. (Closes: #726601)
Checksums-Sha1: 
 fd6957d2b6913dc2b26eaf0df51b028a4ba3e10f 2408 libcommons-fileupload-java_1.3-2.1.dsc
 207439c5e1f8fa944db80ab7a0365a68f6f334d4 9179 libcommons-fileupload-java_1.3-2.1.debian.tar.gz
 bc70a2f66186ade550f2fe00a907d1720a5e4d36 61568 libcommons-fileupload-java_1.3-2.1_all.deb
 6cf7206315546ff8d51a99c3e993b688f6cbccba 369604 libcommons-fileupload-java-doc_1.3-2.1_all.deb
Checksums-Sha256: 
 cca68651a4ad9b7978a9a5c5f62cbcba49090af95a42e7bd9a9bc678a1e81839 2408 libcommons-fileupload-java_1.3-2.1.dsc
 e538c703b5cd5801b05b4e989e25e7edd4507e62a937284c03857fa70625aa77 9179 libcommons-fileupload-java_1.3-2.1.debian.tar.gz
 e029f3d4531507116f26f627ef688e65b8d4929aa0f0027007534f4b3ddfabdc 61568 libcommons-fileupload-java_1.3-2.1_all.deb
 0043a4b522e9f3c66ebacd27c2b26cf8a0132fed1d1b37b721855041aaa08ab1 369604 libcommons-fileupload-java-doc_1.3-2.1_all.deb
Files: 
 7b2e3b62299b6b4946c24bd142f73e7c 2408 java optional libcommons-fileupload-java_1.3-2.1.dsc
 829d99ebfd35ad699f1ad71fa7aa97c5 9179 java optional libcommons-fileupload-java_1.3-2.1.debian.tar.gz
 f30fad1535858ea305f90a52adca3c3a 61568 java optional libcommons-fileupload-java_1.3-2.1_all.deb
 ecce775c2962aed6fa772850f6f6e361 369604 doc optional libcommons-fileupload-java-doc_1.3-2.1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCgAGBQJSiRq9AAoJEAVMuPMTQ89EGeMP/i6xiuhitDCwCjmBqsySrECa
ggBupxurvoY6DDkZF+Q1GWcUB/ARwWMwfalkzeA6DXtSRenuXyfcOHiukofY4hDq
5lNBPfJPaee4KONx0qTuUGIp/8MK06h1Y9o7rNRWSIXoNoTXEdIQFmua3mfajqNc
etm0bjXDMNGH7VlABWG0kdjEX82tY5BLvLiVEU16ta4fi4WFE2RExwUKaD/y/x2I
7SEhVZPsoGk9lUFOzrqzu9nH2mxEJu+ym9Yf113cpoLspo11Ng5rQRWZZ3EJ/IOs
z2QuwQZKIck1D3LtOeVSCPJ1UE33XNrbLKyqzbMOq6EVC7S4BwACY9SRcD+iLw5/
4y7k3CYbFJspfClKM316qTjfYIA+Pc7gaB51z/6m7G/vSJ9U2YmuDv2NQIGnzr9A
Ra4WMNAhlLo4CjUyhf6TFx6G5QVx5MExYOOyBeFrk4HehwOsBggf55HsBcJk49aW
3zPrVbAk6HXhUtaf1BLRs+o0/YSb90pBAMk1ekIDOdDUU5qWEsrMLb8KsQy+EvNG
grGOc+h7MpmsN4Ecug4Knau5ghwccD3xbuEzqLNfydwsjmBBhvY3J3hM3mxUjF3x
hpSuIOD4Wr7PvT9Yv9OsbAJmypHshpY6r7fQM30YahAUQvPfGV7I5jWeR1+SGREz
tCqW7uU71tdqOlOhByA6
=dXjO
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 21 Dec 2013 07:25:07 GMT) Full text and rfc822 format available.

Bug unarchived. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 21 Dec 2013 09:57:04 GMT) Full text and rfc822 format available.

Marked as found in versions libcommons-fileupload-java/1.2.2-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 21 Dec 2013 09:57:08 GMT) Full text and rfc822 format available.

Reply sent to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility. (Mon, 06 Jan 2014 21:48:22 GMT) Full text and rfc822 format available.

Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Mon, 06 Jan 2014 21:48:22 GMT) Full text and rfc822 format available.

Message #37 received at 726601-close@bugs.debian.org (full text, mbox):

From: Salvatore Bonaccorso <carnil@debian.org>
To: 726601-close@bugs.debian.org
Subject: Bug#726601: fixed in libcommons-fileupload-java 1.2.2-1+deb7u1
Date: Mon, 06 Jan 2014 21:47:05 +0000
Source: libcommons-fileupload-java
Source-Version: 1.2.2-1+deb7u1

We believe that the bug you reported is fixed in the latest version of
libcommons-fileupload-java, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 726601@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated libcommons-fileupload-java package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 21 Dec 2013 22:33:27 +0100
Source: libcommons-fileupload-java
Binary: libcommons-fileupload-java libcommons-fileupload-java-doc
Architecture: source all
Version: 1.2.2-1+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description: 
 libcommons-fileupload-java - File upload capability to your servlets and web applications
 libcommons-fileupload-java-doc - Javadoc API documentation for Commons FileUploads
Closes: 726601
Changes: 
 libcommons-fileupload-java (1.2.2-1+deb7u1) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Add CVE-2013-2186.patch patch.
     CVE-2013-2186: Arbitrary file upload via deserialization. Properly
     validate repository in org.apache.commons.fileupload.disk.DiskFileItem.
     Thanks to Marc Deslauriers <marc.deslauriers@ubuntu.com> (Closes: #726601)
   * Add --java-lib to libcommons-fileupload-java.poms.
     In the resulting binary package the file commons-fileupload.jar in
     /usr/share/java is missing when rebuilding the package under wheezy.
     Thanks to Emmanuel Bourg <ebourg@apache.org>
Checksums-Sha1: 
 41dbaf099f71ecd5f88b3f19e83708defb7e563b 2439 libcommons-fileupload-java_1.2.2-1+deb7u1.dsc
 b2332ba704f8ce8884cbb6922197d345d4e21670 6053 libcommons-fileupload-java_1.2.2-1+deb7u1.debian.tar.gz
 fd007668d38b425f723eba18c30272471ee709ae 54366 libcommons-fileupload-java_1.2.2-1+deb7u1_all.deb
 3ae3f989241b6390bc662368e67631f1f690c847 375812 libcommons-fileupload-java-doc_1.2.2-1+deb7u1_all.deb
Checksums-Sha256: 
 3c2ccb347ce4b1aca796e1a7871de32509043c531bb6b511ce9b10d895f49c37 2439 libcommons-fileupload-java_1.2.2-1+deb7u1.dsc
 54db444d51787bb8e9fdef3f56e0eec7684627eac688305af6975709bd0e287a 6053 libcommons-fileupload-java_1.2.2-1+deb7u1.debian.tar.gz
 b3eb7778554a306cb503aa024259527a8111bf8c728a3a1f51e876d24eb792cd 54366 libcommons-fileupload-java_1.2.2-1+deb7u1_all.deb
 e134465e68068449e1c20e4683419aa342804f76903d0755145a5043e0efc96e 375812 libcommons-fileupload-java-doc_1.2.2-1+deb7u1_all.deb
Files: 
 2e35c8386cdc67e6f6041d25454fa23f 2439 java optional libcommons-fileupload-java_1.2.2-1+deb7u1.dsc
 e153306eaa6e4519c5a5e4aac144101f 6053 java optional libcommons-fileupload-java_1.2.2-1+deb7u1.debian.tar.gz
 eb4886058f3f2ff3930b3ad7e71e32b5 54366 java optional libcommons-fileupload-java_1.2.2-1+deb7u1_all.deb
 a82892ed01e4d5c0220b695f2ff005a1 375812 doc optional libcommons-fileupload-java-doc_1.2.2-1+deb7u1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCgAGBQJSuDL4AAoJEAVMuPMTQ89EzQQQAKK5NU/VQ9UAeBMkXLW2GXiW
my6SptSAMPxDhjBvS9pknxQCO1+5uX0dqg09x/SsFBA2q7Hb4J9vxXW2swJr7L8H
jtTn2lwJ7nI16GBGbx/GQQiJHv7fBaXSr5EFtXs7f+hH6uji5ZY5W204xiytD73O
dBac2rp9Lqs9YZZ6IUNy3aqLrHfpHB1DWwX5Tn1JMl2tkD+okk7GrzrH07JiaGO0
D2Ot7ITncsUWRSUILQzAnB1pP08hFcmatdN5UEcYKo8lbfx3Zt8tczlsZ7BdCFbo
4DxJIT6rMUdcejYDPRa6M9wFLytV38wdr13MJcSvCS214GbO9ib21PTTORdVwmra
3qrVY/z5D5u3+JOoWBxdUT7ZZogE3yC+gML2yeZrXTuYbYbqWg6ziX4mLK4WzzH2
RhXdpRg6jXKXflrphySIiYTlmLiRY1q8jFP0etC1/m04yf07wdnokRdiqbb3auk6
yl87nfSgkRlm3XXNceOH9paqPx4UBsi0wgaDXux4mEquvffenQLPqvT1l23q28f+
dF6qfzKHxL1lPDCGPWnkp21jVFFDGK9mFvg4i/XequdEZ3aOLLUC+rHOnh8hz7AU
2T2uNFU/G91TBVWwRg2t0aTe+tiLTdd4OawXT8bspU9rGSm7+wANw+53qHjUXnl6
N+CKtK20Pur23GqeZo4t
=yFEw
-----END PGP SIGNATURE-----




Reply sent to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility. (Mon, 06 Jan 2014 22:06:05 GMT) Full text and rfc822 format available.

Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Mon, 06 Jan 2014 22:06:05 GMT) Full text and rfc822 format available.

Message #42 received at 726601-close@bugs.debian.org (full text, mbox):

From: Salvatore Bonaccorso <carnil@debian.org>
To: 726601-close@bugs.debian.org
Subject: Bug#726601: fixed in libcommons-fileupload-java 1.2.2-1+deb6u1
Date: Mon, 06 Jan 2014 22:02:33 +0000
Source: libcommons-fileupload-java
Source-Version: 1.2.2-1+deb6u1

We believe that the bug you reported is fixed in the latest version of
libcommons-fileupload-java, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 726601@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated libcommons-fileupload-java package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 21 Dec 2013 11:12:53 +0100
Source: libcommons-fileupload-java
Binary: libcommons-fileupload-java libcommons-fileupload-java-doc
Architecture: source all
Version: 1.2.2-1+deb6u1
Distribution: squeeze-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description: 
 libcommons-fileupload-java - File upload capability to your servlets and web applications
 libcommons-fileupload-java-doc - Javadoc API documentation for Commons FileUploads
Closes: 726601
Changes: 
 libcommons-fileupload-java (1.2.2-1+deb6u1) squeeze-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Add CVE-2013-2186.patch patch.
     CVE-2013-2186: Arbitrary file upload via deserialization. Properly
     validate repository in org.apache.commons.fileupload.disk.DiskFileItem.
     Thanks to Marc Deslauriers <marc.deslauriers@ubuntu.com> (Closes: #726601)
Checksums-Sha1: 
 0659ff3343c66ffb693b10cb70ad5678a4388c0d 2329 libcommons-fileupload-java_1.2.2-1+deb6u1.dsc
 eac68561ffaa7412613458d5ac2d25d632f290bf 123220 libcommons-fileupload-java_1.2.2.orig.tar.gz
 64ab16a040ce46ffcd20b840f3148453cb0296f2 6215 libcommons-fileupload-java_1.2.2-1+deb6u1.debian.tar.gz
 e6224adfd35436e38e70b7fd96f5fae1687704ae 53326 libcommons-fileupload-java_1.2.2-1+deb6u1_all.deb
 b8a3c68c840f691dc4246d9cad71e93b4f2c4a14 117858 libcommons-fileupload-java-doc_1.2.2-1+deb6u1_all.deb
Checksums-Sha256: 
 e9739c0f98381da0f66107731b59c21c818e5232f8e4b302e7da83936eac196b 2329 libcommons-fileupload-java_1.2.2-1+deb6u1.dsc
 2f994b054b6514edd8d1bfe239db1dae5b7e581554d7c027c09d1b3afd832738 123220 libcommons-fileupload-java_1.2.2.orig.tar.gz
 eff51def523abb7c4081c66cd8b923989759c2fa6a99ab0c85e6ca723ddb8dd1 6215 libcommons-fileupload-java_1.2.2-1+deb6u1.debian.tar.gz
 1694c7eb43ab507b9264b810526660ff619f768b2e19bc439b9a8e7d8a918b43 53326 libcommons-fileupload-java_1.2.2-1+deb6u1_all.deb
 0b9a7b5f826e7ac40f9a78f1e3da215e35428e97d4160721d55ae40ad9f217b3 117858 libcommons-fileupload-java-doc_1.2.2-1+deb6u1_all.deb
Files: 
 78dc4736bfd2e390566a871547e12360 2329 java optional libcommons-fileupload-java_1.2.2-1+deb6u1.dsc
 9ec666ec10b4ffbc3b97a841dfd2c1d8 123220 java optional libcommons-fileupload-java_1.2.2.orig.tar.gz
 cafd1d184acdd1a93d441a48bf129574 6215 java optional libcommons-fileupload-java_1.2.2-1+deb6u1.debian.tar.gz
 d26f85e168f650357f07d97c46d9e721 53326 java optional libcommons-fileupload-java_1.2.2-1+deb6u1_all.deb
 e8affd66f1235ca95cbbf8bf6f54db1b 117858 doc optional libcommons-fileupload-java-doc_1.2.2-1+deb6u1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCgAGBQJStggEAAoJEAVMuPMTQ89EchoP/0Kyu7m3q6v5G/WXRH6FbiN6
hr8jxsRjL4jkOFnTEKEOfjAl6NTmALu/VmZtlap9Rtq2UbKSS1N65gbhFsxlkZZr
36AtAsAZzTegSsXotmWKzczJrgjnQbS9mguNjugWr+rHu8ZZey6frTA3/3ZJsJ14
JrEIldB2HzwDnUeiHgTxbs5gb9vMih6h5UPiAKNP6PRS4UNlq8gAJfxg8ugrulGI
hS19RMJ7fw8kYgNUY+7b72jvnl+rdQ/5LlswU86EHFOMCgdXxDd/5U5KqPdsTJkP
4HZxOkfG1duNfxu9J9Daptx9YopZPLBgFIBld71LiFFKN+P26vv/y3MsmfGOfqp2
NqkE5XnJ5M3rDighxjl/9O6X9a2oo9Io4Z+OqJchiCDz0DH59TKQ4aYCXpX+aHvJ
aVD/FOfqEiHCqj5I443HJy0dMA6rQKKdn6ZvXdrRzmUtPQ2oneFnzxckNN7J5waM
qB5hDMKL15PMWDCqqBuOejjOEFbHmRo3tSdTZkdVi2i3BvhiIBl2+sIGmxKonrXF
o5Fk/bHI2WKXgouzdru8hhIPO5c3if0+vbfCGxC17SK3bkXP+h92izAtNcKFquFa
9rg045HWJiUBo1W9kvQRDe8UbL1ekyLlyGK/UArCLDK/WH4IQXypSCLYWI6bs5Rv
M5G7YMJR8WEOt7Iv7GS4
=o8c/
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 09 Feb 2014 07:25:11 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 18 19:36:34 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.