Your message dated Mon, 26 Aug 2013 18:18:07 +0000
with message-id <e1ve1md-0007hg...@franck.debian.org>
and subject line Bug#720375: fixed in libxml-security-java 1.5.5-2
has caused the Debian Bug report #720375,
regarding libxml-security-java: CVE-2013-2172
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
720375: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720375
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libxml-security-java
Severity: grave
Tags: security patch upstream fixed-upstream
Hi,
the following vulnerability was published for libxml-security-java.
CVE-2013-2172[0]:
Java XML Signature spoofing attack
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2172
http://security-tracker.debian.org/tracker/CVE-2013-2172
[1] http://santuario.apache.org/secadv.data/CVE-2013-2172.txt.asc
[2] http://svn.apache.org/viewvc?view=revision&revision=1493772
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libxml-security-java
Source-Version: 1.5.5-2
We believe that the bug you reported is fixed in the latest version of
libxml-security-java, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 720...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Emmanuel Bourg <ebo...@apache.org> (supplier of updated libxml-security-java
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 26 Aug 2013 19:56:57 +0200
Source: libxml-security-java
Binary: libxml-security-java libxml-security-java-doc
Architecture: source all
Version: 1.5.5-2
Distribution: unstable
Urgency: low
Maintainer: Debian Java Maintainers
<pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Emmanuel Bourg <ebo...@apache.org>
Description:
libxml-security-java - Apache Santuario
libxml-security-java-doc - Documentation for Apache Santuario
Closes: 720375
Changes:
libxml-security-java (1.5.5-2) unstable; urgency=low
.
* Upload to unstable
* Release 1.5.5 fixes CVE-2013-2172 (Closes: #720375)
* Added the Classpath attribute in the jar manifest
Checksums-Sha1:
f2b8aaa6768668d6782d0314035d2f24da79e99b 2526 libxml-security-java_1.5.5-2.dsc
aa7571f4778fc101eabbf03b031929e1e0f710b2 5218
libxml-security-java_1.5.5-2.debian.tar.gz
b389d2165c63b453e0d7c8113bec1ab08fe92f67 557206
libxml-security-java_1.5.5-2_all.deb
d2c7f208ad3dbd4908fe117c88187d45d0ec17a7 2152894
libxml-security-java-doc_1.5.5-2_all.deb
Checksums-Sha256:
5e95a8b5932df89401f57b89d0740dc38ba13e2acbc86d870fcf9418d26def5a 2526
libxml-security-java_1.5.5-2.dsc
a8e9af1bd9cce9671a46236c4afa63c3f32b90e11089ea48169ab820a1437c7f 5218
libxml-security-java_1.5.5-2.debian.tar.gz
77b9548b5edf3f335f7fef6600f9c453eef4d5111649986f858fe640c3f753eb 557206
libxml-security-java_1.5.5-2_all.deb
951a33afd76b8ae5268aa00c498efc2f2ef6fceb93ae7bd68bc178b5cf9221ea 2152894
libxml-security-java-doc_1.5.5-2_all.deb
Files:
426e67c2c04983c971780c9da3ecfee5 2526 java optional
libxml-security-java_1.5.5-2.dsc
1f72cfc05f57c9cfab3d3c133af6b57d 5218 java optional
libxml-security-java_1.5.5-2.debian.tar.gz
fe4ea9ef2e4cb3b325477c2fc090c16b 557206 java optional
libxml-security-java_1.5.5-2_all.deb
28ce098c15adf3ed392870b504a5672d 2152894 doc optional
libxml-security-java-doc_1.5.5-2_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
iQIcBAEBAgAGBQJSG5gzAAoJEPUTxBnkudCsIVkP/jdfjlZWf9SHhZrPX2PUod1H
wDaJDxYrvlXe7kQUEU0lGmHTibD83Ga1mBj0M7xb6gsDJOzfxwb53lRFxmPqQeib
vRQyo0ooAGc2NBPVeSnnK2d6Buapg5A+C4EQJCgAGM9CGaKk/pgjcbQ5KKp9i/ls
1tj3BIjhsA9nPcOY0yDzF39iH1bU6+ZzS2oTaMjo2escgBV8++5zsibht4lbsksk
EObHIl8pDWyyrC9LH/bCax4Ydg7PcqiT0ISTM9poMAb90HlrQG3Dd88TxclhAjbu
zLk44HBvoWGfg9/Oxu1ZTGWw2X1AhDYtYOE+E0WWYg6U21sBO+f4mZaLCh2tJKr5
/OnV8WvRK6hDOd+/MAAw7wPgC/OONWpoI2y6oVCYS7TTkpoG2EchmUtMyiOgTdUu
ZQZ5c7ciE882zehzLAlCSf068i49yp+ZOPYhvh60MX09XAs2bLYUEWowUhfSlvt+
14TNei8QHbUxRGK+xw/pikCfuiVEqbyc4qvJFdVDjbdZLDjZntA5PCjJmfd8Rjy5
sSTV6tp8etaClewGQNQgnB+2DY59/kHX///vhZIWg4R9lsHGyzAxoEJJih4M9mxT
Vpj4cP4Lxg4+cAYPqStnSiocm4hftOO2MuP0aKcMa5K/xHQB1p+hk7179g5T3ZcD
Bd2hRz/8VWF08NFkIdOi
=ew7x
-----END PGP SIGNATURE-----
--- End Message ---
__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
Please use
debian-j...@lists.debian.org for discussions and questions.
