plexus-utils2 (3.0.22-1+deb9u1) stretch-security; urgency=high

  * Non-maintainer upload by the ELTS team.
  * Fix CVE-2022-4244:
    A Directory Traversal issue was discovered in plexus-utils2. This is an
    attack which aims to access files and directories that are stored outside
    the intended folder. By manipulating files with "dot-dot-slash (../)"
    sequences and its variations, or by using absolute file paths, it may be
    possible to access arbitrary files and directories stored on file system,
    including application source code, configuration, and other critical system
    files.
  * Fix CVE-2022-4245:
    The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to
    sanitize comments for a --> sequence. This issue means that text contained
    in the command string could be interpreted as XML and allow for XML
    injection

 -- Markus Koschany <apo@debian.org>  Mon, 25 Sep 2023 16:33:52 +0200

plexus-utils2 (3.0.22-1) unstable; urgency=medium

  * Team upload.
  * New upstream release
    - New build dependency on libmaven-plugin-testing-java
  * Build with maven-debian-helper instead of maven-ant-helper
  * Replaced the obsolete codehaus URLs
  * Exclude the JIRA issues exported as JSON files from the upstream tarball

 -- Emmanuel Bourg <ebourg@apache.org>  Thu, 19 Nov 2015 14:49:44 +0100

plexus-utils2 (3.0.15-1) unstable; urgency=medium

  * Team upload.
  * New upstream release
  * debian/control:
    - Standards-Version updated to 3.9.6 (no changes)
    - Use canonical URLs for the Vcs-* fields
  * Switch to debhelper level 9
  * debian/copyright: Merged the duplicate Copyright fields
  * debian/watch: Watch the release tags on Github

 -- Emmanuel Bourg <ebourg@apache.org>  Wed, 08 Oct 2014 12:27:45 +0200

plexus-utils2 (2.0.5-1) unstable; urgency=low

  * Initial release (Closes: #648774).

 -- Damien Raude-Morvan <drazzib@debian.org>  Mon, 28 Nov 2011 22:41:46 +0100
