plexus-utils2 (3.0.15-1+deb8u2) jessie-security; urgency=high

  * Non-maintainer upload by the ELTS team.
  * Fix CVE-2022-4244:
    A Directory Traversal issue was discovered in plexus-utils2. This is an
    attack which aims to access files and directories that are stored outside
    the intended folder. By manipulating files with "dot-dot-slash (../)"
    sequences and its variations, or by using absolute file paths, it may be
    possible to access arbitrary files and directories stored on file system,
    including application source code, configuration, and other critical system
    files.
  * Fix CVE-2022-4245:
    The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to
    sanitize comments for a --> sequence. This issue means that text contained
    in the command string could be interpreted as XML and allow for XML
    injection

 -- Markus Koschany <apo@debian.org>  Mon, 25 Sep 2023 17:06:34 +0200

plexus-utils2 (3.0.15-1+deb8u1) jessie-security; urgency=medium

  * CVE-2017-1000487

 -- Moritz Muehlenhoff <jmm@debian.org>  Wed, 21 Mar 2018 18:26:19 +0100

plexus-utils2 (3.0.15-1) unstable; urgency=medium

  * Team upload.
  * New upstream release
  * debian/control:
    - Standards-Version updated to 3.9.6 (no changes)
    - Use canonical URLs for the Vcs-* fields
  * Switch to debhelper level 9
  * debian/copyright: Merged the duplicate Copyright fields
  * debian/watch: Watch the release tags on Github

 -- Emmanuel Bourg <ebourg@apache.org>  Wed, 08 Oct 2014 12:27:45 +0200

plexus-utils2 (2.0.5-1) unstable; urgency=low

  * Initial release (Closes: #648774).

 -- Damien Raude-Morvan <drazzib@debian.org>  Mon, 28 Nov 2011 22:41:46 +0100
