elasticsearch is marked for autoremoval from testing

[Debian testing autoremoval watch]

elasticsearch 1.7.3+dfsg-2 is marked for autoremoval from testing on 2015-11-30

It is affected by these RC bugs:
803713: elasticsearch: Keep out of testing


__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#804564: doxia: FTBFS: Cannot locate avalon-framework

[Daniel Schepler]

Source: doxia
Version: 1.1.4-3
Severity: serious

>From my pbuilder build log:

...
[INFO] 
[INFO] Building Doxia :: FO Module
[INFO]task-segment: [package]
[INFO] 
[INFO] [resources:resources {execution: default-resources}]
[WARNING] Using platform encoding (ANSI_X3.4-1968 actually) to copy filtered 
resources, i.e. build is platform dependent!
[INFO] Copying 4 resources
[INFO] skip non existing resourceDirectory 
/build/doxia-1.1.4/doxia-modules/doxia-module-fo/target/generated-site/xsd
[INFO] 
[ERROR] BUILD ERROR
[INFO] 
[INFO] Failed to resolve artifact.

Missing:
--
1) avalon-framework:avalon-framework-api:jar:debian

  Try downloading the file manually from the project website.

  Then, install it using the command: 
  mvn install:install-file -DgroupId=avalon-framework 
-DartifactId=avalon-framework-api -Dversion=debian -Dpackaging=jar 
-Dfile=/path/to/file

  Alternatively, if you host your own repository you can deploy the file there: 
  mvn deploy:deploy-file -DgroupId=avalon-framework 
-DartifactId=avalon-framework-api -Dversion=debian -Dpackaging=jar 
-Dfile=/path/to/file -Durl=[url] -DrepositoryId=[id]

  Path to dependency: 
1) org.apache.maven.doxia:doxia-module-fo:jar:1.1.4
2) org.apache.xmlgraphics:fop:jar:debian
3) avalon-framework:avalon-framework-api:jar:debian

2) avalon-framework:avalon-framework-impl:jar:debian

  Try downloading the file manually from the project website.

  Then, install it using the command: 
  mvn install:install-file -DgroupId=avalon-framework 
-DartifactId=avalon-framework-impl -Dversion=debian -Dpackaging=jar 
-Dfile=/path/to/file

  Alternatively, if you host your own repository you can deploy the file there: 
  mvn deploy:deploy-file -DgroupId=avalon-framework 
-DartifactId=avalon-framework-impl -Dversion=debian -Dpackaging=jar 
-Dfile=/path/to/file -Durl=[url] -DrepositoryId=[id]

  Path to dependency: 
1) org.apache.maven.doxia:doxia-module-fo:jar:1.1.4
2) org.apache.xmlgraphics:fop:jar:debian
3) avalon-framework:avalon-framework-impl:jar:debian

--
2 required artifacts are missing.

for artifact: 
  org.apache.maven.doxia:doxia-module-fo:jar:1.1.4

from the specified remote repositories:
  central (https://repo1.maven.org/maven2)



NOTE: Maven is executing in offline mode. Any artifacts not already in your 
local
repository will be inaccessible.


[INFO] 
[INFO] For more information, run Maven with the -e switch
[INFO] 
[INFO] Total time: 7 seconds
[INFO] Finished at: Mon Nov 09 16:35:09 UTC 2015
[INFO] Final Memory: 28M/486M
[INFO] 
/usr/share/cdbs/1/class/maven.mk:93: recipe for target 'mvn-build' failed
make: *** [mvn-build] Error 1
dpkg-buildpackage: error: debian/rules build gave error exit status 2

I do see libavalon-framework-java being installed elsewhere in the log; it
would seem /usr/share/maven-repo just no longer has it registered under those
identifiers.
-- 
Daniel Schepler

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

libjna-java 4.2.1-1 MIGRATED to testing

[Debian testing watch]

FYI: The status of the libjna-java source package
in Debian's testing distribution has changed.

  Previous version: 4.2.0-1
  Current version:  4.2.1-1

-- 
This email is automatically generated once a day.  As the installation of
new packages into testing happens multiple times a day you will receive
later changes on the next day.
See https://release.debian.org/testing-watch/ for more information.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

eclipse-rse 3.4.2-2 MIGRATED to testing

[Debian testing watch]

FYI: The status of the eclipse-rse source package
in Debian's testing distribution has changed.

  Previous version: 3.4.2-1
  Current version:  3.4.2-2

-- 
This email is automatically generated once a day.  As the installation of
new packages into testing happens multiple times a day you will receive
later changes on the next day.
See https://release.debian.org/testing-watch/ for more information.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

elasticsearch 1.7.3+dfsg-2 MIGRATED to testing

[Debian testing watch]

FYI: The status of the elasticsearch source package
in Debian's testing distribution has changed.

  Previous version: 1.6.2+dfsg-1
  Current version:  1.7.3+dfsg-2

-- 
This email is automatically generated once a day.  As the installation of
new packages into testing happens multiple times a day you will receive
later changes on the next day.
See https://release.debian.org/testing-watch/ for more information.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

wagon2 2.10-1 MIGRATED to testing

[Debian testing watch]

FYI: The status of the wagon2 source package
in Debian's testing distribution has changed.

  Previous version: 2.9-1
  Current version:  2.10-1

-- 
This email is automatically generated once a day.  As the installation of
new packages into testing happens multiple times a day you will receive
later changes on the next day.
See https://release.debian.org/testing-watch/ for more information.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Processing of eigenbase-resgen_1.3.0.13768-2_amd64.changes

[Debian FTP Masters]

eigenbase-resgen_1.3.0.13768-2_amd64.changes uploaded successfully to localhost
along with the files:
  eigenbase-resgen_1.3.0.13768-2.dsc
  eigenbase-resgen_1.3.0.13768-2.debian.tar.xz
  libeigenbase-resgen-java-doc_1.3.0.13768-2_all.deb
  libeigenbase-resgen-java_1.3.0.13768-2_all.deb

Greetings,

Your Debian queue daemon (running on host franck.debian.org)

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

maven2-core 2.2.1-23 MIGRATED to testing

[Debian testing watch]

FYI: The status of the maven2-core source package
in Debian's testing distribution has changed.

  Previous version: 2.2.1-22
  Current version:  2.2.1-23

-- 
This email is automatically generated once a day.  As the installation of
new packages into testing happens multiple times a day you will receive
later changes on the next day.
See https://release.debian.org/testing-watch/ for more information.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

eigenbase-resgen_1.3.0.13768-2_amd64.changes ACCEPTED into unstable

[Debian FTP Masters]

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Mon, 09 Nov 2015 16:05:26 +0100
Source: eigenbase-resgen
Binary: libeigenbase-resgen-java libeigenbase-resgen-java-doc
Architecture: source all
Version: 1.3.0.13768-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Emmanuel Bourg 
Description:
 libeigenbase-resgen-java - Java i18n code generator from XML files
 libeigenbase-resgen-java-doc - Java i18n code generator from XML files - 
documentation
Changes:
 eigenbase-resgen (1.3.0.13768-2) unstable; urgency=medium
 .
   * Team upload.
   * Removed the SourceForge logo from the javadoc
   * Removed the src-html from the javadoc
   * Improved the reproducibility:
 - Set the locale and disable the timestamps when generating the javadoc
 - Use the scm-safe comment style by default
   * debian/control:
 - Standards-Version updated to 3.9.6 (no changes)
 - Co-maintenance with the Java Team
   * debian/rules: Improved the clean target
   * Moved the package to Git
   * Switch to debhelper level 9
Checksums-Sha1:
 056918bc3dbd23cb32a4c58598df5c43ae0a8890 2263 
eigenbase-resgen_1.3.0.13768-2.dsc
 25b9553048d3b1cb0fe59da4ef287f8121de8c8f 3768 
eigenbase-resgen_1.3.0.13768-2.debian.tar.xz
 03f31cbc6df699871e086c13591117d0220032b2 128586 
libeigenbase-resgen-java-doc_1.3.0.13768-2_all.deb
 898ec5ef1b517f2577a1c3b81a4e641c66e95919 135806 
libeigenbase-resgen-java_1.3.0.13768-2_all.deb
Checksums-Sha256:
 225350ca4717e359fd5c991032766873f506b1d88007d27f298bff9c044a2964 2263 
eigenbase-resgen_1.3.0.13768-2.dsc
 5a48a54ebd84ebf08b917c806aa7fb65037c581bef66fac5be81dc16ebe5e815 3768 
eigenbase-resgen_1.3.0.13768-2.debian.tar.xz
 d0341d7337471cda0e25bdef7ca40ac531bd95d6c2a2f7d25b2c957737928535 128586 
libeigenbase-resgen-java-doc_1.3.0.13768-2_all.deb
 27c46159b6f1993115a3dfe67d9d2a2b5690d39c8c548b6f2ec57c75c920b2fc 135806 
libeigenbase-resgen-java_1.3.0.13768-2_all.deb
Files:
 d2e0dce3a8008c8694b85c283922d55e 2263 java optional 
eigenbase-resgen_1.3.0.13768-2.dsc
 4626216a25a4a6f07345ccd2c31d741b 3768 java optional 
eigenbase-resgen_1.3.0.13768-2.debian.tar.xz
 7e670a8c568ad1f329ffc232960067df 128586 doc optional 
libeigenbase-resgen-java-doc_1.3.0.13768-2_all.deb
 b9cfebf83cfb1243f7e1cbe62398a6a3 135806 java optional 
libeigenbase-resgen-java_1.3.0.13768-2_all.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJWQMI7AAoJEPUTxBnkudCsu6kP/330bO3Y116Ciyv8e3as34SK
Zuw1JDIgSoGa/7ntskQdkyoD9eB9QUvQ7Eebltq5yMVfEAncQoDbBIaVgC2NOZFL
yQM1pf8yYyxtyMdUGltMv5CL5Bxadxz8c+UtNozCFMoFENBT727X4y105cEknvC+
q0C5JxUSwyWuxsCqw+kHCT3LrE/h3iydxAbZLrvYM4V+hcrL/rN2MPZkX0s0P3zI
9YMuEpsZDhN3lSrKn9ECeKgtk/4efpcVjh+S8LNRwHgxkRz4PQsSv4jYnswLJXEe
tWjdHsgXzj9qmHbJY6et94yCgdj8cW7m9TAexGbrD3FOmz2M21cu3emrXQmjYQr1
VDpqs7y8f3ELQpIIq0/+/34MOWaSf8ymP+elHuhrbN7xBV0GqICGc/qSvUXdVy4h
mY7S8hVDWCjPwWvm9IMvRFkCTP6dB8OHQqkYW2NNllCRPug8cJwgE0UU3/l3Ga62
Vz/wO/N1R2VOAkIIMRXHKq9g8Qhejhe1+fHG1RlgQiSYqrZP37kol65bVBdc2p2V
3hOaNClfzHcxH3BkTVleS4bnA7V44iPsdFzIQrxZE13me7UlAxGBJj6C5P+d4JdD
VqjPLfN/XrQfze8Zj2Bp8PCNWGeBCp3zaGxDhrtoYDP1ng8Gw08Wx/Su4eU6diz6
p7Hy0uiNPeAyyQCP1zG+
=2Kwf
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

libgoogle-gson-java 2.4-1 MIGRATED to testing

[Debian testing watch]

FYI: The status of the libgoogle-gson-java source package
in Debian's testing distribution has changed.

  Previous version: 2.2.4-1
  Current version:  2.4-1

-- 
This email is automatically generated once a day.  As the installation of
new packages into testing happens multiple times a day you will receive
later changes on the next day.
See https://release.debian.org/testing-watch/ for more information.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

ivy 2.4.0-2 MIGRATED to testing

[Debian testing watch]

FYI: The status of the ivy source package
in Debian's testing distribution has changed.

  Previous version: 2.3.0-4
  Current version:  2.4.0-2

-- 
This email is automatically generated once a day.  As the installation of
new packages into testing happens multiple times a day you will receive
later changes on the next day.
See https://release.debian.org/testing-watch/ for more information.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

maven2 2.2.1-28 MIGRATED to testing

[Debian testing watch]

FYI: The status of the maven2 source package
in Debian's testing distribution has changed.

  Previous version: 2.2.1-27
  Current version:  2.2.1-28

-- 
This email is automatically generated once a day.  As the installation of
new packages into testing happens multiple times a day you will receive
later changes on the next day.
See https://release.debian.org/testing-watch/ for more information.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#804458: marked as done (apache-mime4j: FTBFS: POM org.apache.maven.plugins:maven-assembly-plugin:pom:2.2-beta-5 not found)

[Debian Bug Tracking System]

Your message dated Mon, 09 Nov 2015 10:48:54 +
with message-id 
and subject line Bug#804458: fixed in apache-mime4j 0.7.2-4
has caused the Debian Bug report #804458,
regarding apache-mime4j: FTBFS: POM 
org.apache.maven.plugins:maven-assembly-plugin:pom:2.2-beta-5 not found
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
804458: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804458
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: apache-mime4j
Version: 0.7.2-3
Severity: serious
Justification: fails to build from source
Tags: sid stretch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: ftbfs
X-Debbugs-CC: reproducible-bui...@lists.alioth.debian.org

Dear Maintainer,

The package fails to build, as libmaven-assembly-plugin has been updated:

[INFO] 
[INFO] Building Apache JAMES Mime4j (Assembly)
[INFO]task-segment: [package]
[INFO] 
[INFO] 
[ERROR] BUILD ERROR
[INFO] 
[INFO] Error building POM (may not be this project's POM).


Project ID: org.apache.maven.plugins:maven-assembly-plugin

Reason: POM 'org.apache.maven.plugins:maven-assembly-plugin' not found in 
repository: System is offline.

  org.apache.maven.plugins:maven-assembly-plugin:pom:2.2-beta-5


 for project org.apache.maven.plugins:maven-assembly-plugin


[INFO] 
[INFO] For more information, run Maven with the -e switch

Full build log:
https://reproducible.debian.net/rb-pkg/unstable/amd64/apache-mime4j.html

-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
--- End Message ---
--- Begin Message ---
Source: apache-mime4j
Source-Version: 0.7.2-4

We believe that the bug you reported is fixed in the latest version of
apache-mime4j, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 804...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Emmanuel Bourg  (supplier of updated apache-mime4j package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Mon, 09 Nov 2015 10:15:28 +0100
Source: apache-mime4j
Binary: libapache-mime4j-java libapache-mime4j-java-doc
Architecture: source all
Version: 0.7.2-4
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Emmanuel Bourg 
Description:
 libapache-mime4j-java - MIME and RFC822 parser for Java
 libapache-mime4j-java-doc - MIME and RFC822 parser for Java - documentation
Closes: 804458
Changes:
 apache-mime4j (0.7.2-4) unstable; urgency=medium
 .
   * Build with maven-debian-helper (should improve the reproducibility)
   * Removed the dependency on maven-assembly-plugin (Closes: #804458)
   * Enabled the OSGi metadata
   * No longer build and install the benchmark module
   * Install the javadoc under the /usr/share/doc/libapache-mime4j-java/api
 directory instead of /usr/share/libapache-mime4j-java-doc
   * Register the documentation with doc-base
   * Standards-Version updated to 3.9.6 (no changes)
Checksums-Sha1:
 a0f693dc3b629afd7d4d551fa142279f74757e12 2310 apache-mime4j_0.7.2-4.dsc
 2b1bbca81552ae5fc9d3e9d45fd6c75c27b9c9be 3932 
apache-mime4j_0.7.2-4.debian.tar.xz
 58874acdadd62cbd6bda57a2e84fc36c06b4c684 227222 
libapache-mime4j-java-doc_0.7.2-4_all.deb
 739031d2c1cb842e185becd0f61d6fb36dedd144 366576 
libapache-mime4j-java_0.7.2-4_all.deb
Checksums-Sha256:
 aca496309dadbaee558ee92da24919cd9e7f59ac08ba5711bff2955e36fa4442 2310 
apache-mime4j_0.7.2-4.dsc
 32ac8bf494296fe05b540adfb7ad0ddb03d90395292d5be2cab559e0ac416527 3932 
apache-mime4j_0.7.2-4.debian.tar.xz
 fef43bd4beaad670670c78862b5cb51a1f3fe9cb878227c6da29a141621cb30f 227222 
libapache-mime4j-java-doc_0.7.2-4_all.deb
 

Bug#804609: netty-tcnative: FTBFS: error: implicit declaration of function 'SSLv3_client_method'

[Chris West (Faux)]

Source: netty-tcnative
Version: 1.1.33.Fork9-1
Severity: serious
Justification: fails to build from source
Tags: sid stretch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: ftbfs
X-Debbugs-CC: reproducible-bui...@lists.alioth.debian.org

Dear Maintainer,

The package fails to build, probably because openssl have disabled sslv3:

src/sslcontext.c: In function 'Java_org_apache_tomcat_jni_SSLContext_make':
src/sslcontext.c:135:31: error: implicit declaration of function 
'SSLv3_client_method' [-Werror=implicit-function-declaration]
 ctx = SSL_CTX_new(SSLv3_client_method());
   ^
src/sslcontext.c:135:31: error: passing argument 1 of 'SSL_CTX_new' makes 
pointer from integer without a cast [-Werror=int-conversion]
In file included from src/ssl_private.h:46:0,
 from src/sslcontext.c:31:
/usr/include/openssl/ssl.h:2131:10: note: expected 'const SSL_METHOD * {aka 
const struct ssl_method_st *}' but argument is of type 'int'
 SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
  ^

Full build log:
https://reproducible.debian.net/rb-pkg/unstable/amd64/netty-tcnative.html

-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#804522: jenkins: Unauthenticated remote code execution 0-day in Jenkins CLI

[Moritz Muehlenhoff]

Package: jenkins
Severity: grave
Tags: security
Justification: user security hole

Hi,
please see 
https://jenkins-ci.org/content/mitigating-unauthenticated-remote-code-execution-0-day-jenkins-cli

Cheers,
Moritz

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Processing of apache-mime4j_0.7.2-4_amd64.changes

[Debian FTP Masters]

apache-mime4j_0.7.2-4_amd64.changes uploaded successfully to localhost
along with the files:
  apache-mime4j_0.7.2-4.dsc
  apache-mime4j_0.7.2-4.debian.tar.xz
  libapache-mime4j-java-doc_0.7.2-4_all.deb
  libapache-mime4j-java_0.7.2-4_all.deb

Greetings,

Your Debian queue daemon (running on host franck.debian.org)

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Processing of apache-mime4j_0.7.2-4_amd64.changes

[Debian FTP Masters]

apache-mime4j_0.7.2-4_amd64.changes uploaded successfully to localhost
along with the files:
  apache-mime4j_0.7.2-4.dsc
  apache-mime4j_0.7.2-4.debian.tar.xz
  libapache-mime4j-java-doc_0.7.2-4_all.deb
  libapache-mime4j-java_0.7.2-4_all.deb

Greetings,

Your Debian queue daemon (running on host franck.debian.org)

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

apache-mime4j_0.7.2-4_amd64.changes ACCEPTED into unstable

[Debian FTP Masters]

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Mon, 09 Nov 2015 10:15:28 +0100
Source: apache-mime4j
Binary: libapache-mime4j-java libapache-mime4j-java-doc
Architecture: source all
Version: 0.7.2-4
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Emmanuel Bourg 
Description:
 libapache-mime4j-java - MIME and RFC822 parser for Java
 libapache-mime4j-java-doc - MIME and RFC822 parser for Java - documentation
Closes: 804458
Changes:
 apache-mime4j (0.7.2-4) unstable; urgency=medium
 .
   * Build with maven-debian-helper (should improve the reproducibility)
   * Removed the dependency on maven-assembly-plugin (Closes: #804458)
   * Enabled the OSGi metadata
   * No longer build and install the benchmark module
   * Install the javadoc under the /usr/share/doc/libapache-mime4j-java/api
 directory instead of /usr/share/libapache-mime4j-java-doc
   * Register the documentation with doc-base
   * Standards-Version updated to 3.9.6 (no changes)
Checksums-Sha1:
 a0f693dc3b629afd7d4d551fa142279f74757e12 2310 apache-mime4j_0.7.2-4.dsc
 2b1bbca81552ae5fc9d3e9d45fd6c75c27b9c9be 3932 
apache-mime4j_0.7.2-4.debian.tar.xz
 58874acdadd62cbd6bda57a2e84fc36c06b4c684 227222 
libapache-mime4j-java-doc_0.7.2-4_all.deb
 739031d2c1cb842e185becd0f61d6fb36dedd144 366576 
libapache-mime4j-java_0.7.2-4_all.deb
Checksums-Sha256:
 aca496309dadbaee558ee92da24919cd9e7f59ac08ba5711bff2955e36fa4442 2310 
apache-mime4j_0.7.2-4.dsc
 32ac8bf494296fe05b540adfb7ad0ddb03d90395292d5be2cab559e0ac416527 3932 
apache-mime4j_0.7.2-4.debian.tar.xz
 fef43bd4beaad670670c78862b5cb51a1f3fe9cb878227c6da29a141621cb30f 227222 
libapache-mime4j-java-doc_0.7.2-4_all.deb
 1152b13f74d6c5da9fbbae695383ea2f1296317178945046e36e49d2506da035 366576 
libapache-mime4j-java_0.7.2-4_all.deb
Files:
 3aa9a5b77306ef1f186d1791fa7b1a86 2310 java optional apache-mime4j_0.7.2-4.dsc
 a55767b9f34e135c85f5ceeadb711b59 3932 java optional 
apache-mime4j_0.7.2-4.debian.tar.xz
 fa3acea85c134e2ab8ef962c20e242cc 227222 doc optional 
libapache-mime4j-java-doc_0.7.2-4_all.deb
 7ff006a8fb1c88436ab0b6b2947c90d9 366576 java optional 
libapache-mime4j-java_0.7.2-4_all.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJWQG31AAoJEPUTxBnkudCsxA8QALZEM7ydF0ITPFQ/3VSWubxI
WtcoUjIQmbQjRnmxF/ISfi/G3RvymzyZJ/AE8Rk4DHN6xwupGvFVokXzUlNkHEIM
jhQmbcfnNV7mlPTCCd2ep+7GWR8al9INbck5UoqjJFaMRwjxnMsPRSgx621U0CTh
1IluvJ1PGtz86FZ7hnyty8kSG+hDfB/SHY0NRcnn9A4xMVWZXcm5br14Yfesivq4
+k613VGM6nijzzSeTtEsUosqg3dmWlMpaW/19wAdSCee4sYp04hOHD1ULiyUUTCj
jt+PpY6yGP8896AtWpZVem1VuxC5KxTL85iyJTo/swAjEj8xgeMD9mLtf89qktPE
Fb1FWlmtiwnucERbazJ0/PBNmLpYjQtoOmFNfXPqgHTyhttVp7LCQ0h6td4fLsd+
feyM5XJKCtS9smcrSKX65LqzVxvQ/+w+ZrWvIW6zmZVST/bsJKACUJB3XY2z+L5z
yXorH4HldGJyd6BKtU9QeaidR9qYWTEfAJ6bFrf6VpgrMuLZjp4g9OuHFNl0FQPh
D/SulTwip6uZNR52t6DO5ssSAgGNx20C2JvLv4h66xWSoDzuFrxQpseHCCN/rAsq
tezQ9VsWNO17ZwomKaCHX6i7HRkxBJUmoCZQWRHXCCIM6LBB4Ea8zN4ShS0Qvrdo
wMPm5+oHFB2KXPJ2nA/W
=RO/a
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

reproducible.debian.net status changes for libxbean-java

[Reproducible builds folks]

2015-11-09 08:41 https://reproducible.debian.net/unstable/amd64/libxbean-java 
changed from unreproducible -> reproducible

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

reproducible.debian.net status changes for apache-mime4j

[Reproducible builds folks]

2015-11-09 19:24 https://reproducible.debian.net/unstable/amd64/apache-mime4j 
changed from FTBFS -> unreproducible

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#804522: jenkins: Unauthenticated remote code execution 0-day in Jenkins CLI

[Emmanuel Bourg]

Le 09/11/2015 09:26, Moritz Muehlenhoff a écrit :

> Indeed, I intended to file a separate bug for those (but I was  unsure 
> whether 
> jenkins used  the system-wide lib as opposed to the released versions from 
> jenkins upstream)

libjenkins-java depends on libcommons-collections3-java, but
jenkins-common has jenkins.war which contains commons-collections.jar.
So uploading a new version of libcommons-collections3-java isn't enough,
jenkins has to be rebuilt.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

apache-mime4j_0.7.2-4_amd64.changes REJECTED

[Debian FTP Masters]

apache-mime4j_0.7.2-4.dsc: Invalid size hash for 
apache-mime4j_0.7.2.orig.tar.gz:
According to the control file the size hash should be 735216,
but apache-mime4j_0.7.2.orig.tar.gz has 928728.

If you did not include apache-mime4j_0.7.2.orig.tar.gz in your upload, a 
different version
might already be known to the archive software.

===

Please feel free to respond to this email if you don't understand why
your files were rejected, or if you upload new files which address our
concerns.


__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#804522: jenkins: Unauthenticated remote code execution 0-day in Jenkins CLI

[Emmanuel Bourg]

Hi Moritz,

If I'm not mistaken this vulnerability is actually linked to a dangerous
deserialization in commons-collections if the input isn't properly
sanitized. I intend to upload a modification of commons-collections to
address this issue in Jenkins and the other applications potentially
affected.

Emmanuel Bourg

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#804522: jenkins: Unauthenticated remote code execution 0-day in Jenkins CLI

[Moritz Muehlenhoff]

On Mon, Nov 09, 2015 at 09:25:20AM +0100, Emmanuel Bourg wrote:
> Hi Moritz,
> 
> If I'm not mistaken this vulnerability is actually linked to a dangerous
> deserialization in commons-collections if the input isn't properly
> sanitized.

Indeed, I intended to file a separate bug for those (but I was  unsure whether 
jenkins used  the system-wide lib as opposed to the released versions from 
jenkins upstream)

Cheers,
Moritz

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.