Overview

File _patchinfo of Package patchinfo.38042

<patchinfo incident="38042">
  <issue tracker="bnc" id="1239973">VUL-0: CVE-2025-27553: apache-commons-vfs2: Possible path traversal issue when using NameScope.DESCENDENT</issue>
  <issue tracker="bnc" id="1239974">VUL-0: CVE-2025-30474: apache-commons-vfs2: Failing to find an FTP file can reveal the URI's password in an error message</issue>
  <issue tracker="cve" id="2025-30474"/>
  <issue tracker="cve" id="2025-27553"/>
  <packager>fstrba</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for apache-commons-vfs2</summary>
  <description>This update for apache-commons-vfs2 fixes the following issues:

- CVE-2025-27553: Fixed possible path traversal issue when using NameScope.DESCENDENT (bsc#1239973)
- CVE-2025-30474: Fixed information disclosure due to failing to find an FTP file reveal the URI's password in an error message (bsc#1239974)

Other fixes:
- Upgrade to upstream version 2.10.0
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places