Patches

Debian Patches

Status for libcommons-lang-java/2.6-11

Patch	Description	Author	Forwarded	Bugs	Origin	Last update
01-source-encoding.patch	Set the source encoding to fix the build failure with recent JDKs	Emmanuel Bourg <ebourg@apache.org>	not-needed
02-java17-compatibility.patch	Fixes the compatibility with Java 17	Emmanuel Bourg <ebourg@apache.org>	no
03-CVE-2025-48924.patch	[PATCH] Rewrite ClassUtils.getClass() without recursion to avoid StackOverflowError on very long inputs. - This was found fuzz testing Apache Commons Text which relies on ClassUtils. - OssFuzz Issue 42522972: apache-commons-text:StringSubstitutorInterpolatorFuzzer: Security exception in org.apache.commons.lang3.ClassUtils.getClass	Gary Gregory <garydgregory@gmail.com>	yes	debian upstream	https://github.com/apache/commons-lang/commit/b424803abdb2bec818e4fbcb251ce031c22aca53	2024-09-21

All known versions for source package 'libcommons-lang-java'

• 2.6-11 (sid, forky)
• 2.6-10 (trixie, bookworm)

Links

• Package Tracker for 'libcommons-lang-java'
• Debian Maintainer Dashboard for 'libcommons-lang-java'
• Browse sources for 'libcommons-lang-java/2.6-11' on sources.debian.org
• DEP3: Patch Tagging Guidelines