Hi,
- add struts-1.2.9-CVE-2014-0114.patch from Red Hat to fix CVE-2014-0114
http://sources.debian.net/src/libstruts1.2-java/1.2.9-9/debian/patches/struts-1.2.9-CVE-2014-0114.patch
+protected static final Pattern CLASS_ACCESS_PATTERN = Pattern
+
Hi,
On Sun, 1 Jun 2014 15:03:20 +0900
Nobuhiro Ban ban.nobuh...@gmail.com wrote:
It's a very strange regexp. Because we know (P1|.*|P2) == .* .
This pattern will match words other than class, e.g. fooClass.
I think this patch will cause a regression.
Thanks for your comment, do you have
Hi,
Thanks for your comment, do you have any fix for it?
Security vendors (LAC Co.Ltd and Mitsui Bussan Secure Directions, Inc.)
suggest /(^|\W)[cC]lass\W/, so I'm personally using a naive implementation
of this pattern: Pattern.compile(".*(^|\\W)[cC]lass\\W.*") .
But I'm not IT-security
Hi,
FYI I just uploaded Commons BeanUtils 1.9.2 which includes a new
BeanIntrospector designed to fix this issue. I believe a new version of
Struts using it is expected.
Emmanuel Bourg
__
This is the maintainer address of Debian's Java team
Package: java-package
Version: 0.50+nmu2
Severity: normal
File: /usr/bin/make-jpkg
Dear Maintainer,
*** Please consider answering these questions, where appropriate ***
* What led up to the situation?
* What exactly did you do (or not do) that was effective (or
ineffective)?
* What
---BeginMessage---
Hello Emmanuel,
I did download the new package from wheezy-backports as suggested, I still
have an error (different one). Please review att. file.
Best Regards,
Marko Denda
On Sun, 2014-06-01 at 15:23 +0200, Emmanuel Bourg wrote:
Hi Marko,
Please try with java-package 0.53
Hi Marko,
Please try with java-package 0.53 in the wheezy-backports, this issue
has been fixed.
Emmanuel Bourg
__
This is the maintainer address of Debian's Java team
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers.
Please use
debian-j...@lists.debian.org for
On Sat, May 31, 2014 at 08:40:59PM +0900, Hideki Yamane wrote:
On Sat, 31 May 2014 07:37:56 +0200
Emmanuel Bourg ebo...@apache.org wrote:
Thank you for the fix. Could you also commit your changes on alioth please?
OK, committed. Thank you for your notice, Emmanuel :)
When committed,
On 01/06/2014 21:36, tony mancill wrote:
Regarding switching to git, there was some push-back when it was
proposed to do this for all pkg-java packages, so the migration is
happening package-by-package. As long as the maintainers listed
in Uploaders are not opposed, feel free to convert
jarjar-maven-plugin 1.9-1 is marked for autoremoval from testing on 2014-06-16
It is affected by these RC bugs:
748564: jarjar-maven-plugin: FTBFS: Failed to resolve artifact.
eclipse-linuxtools_2.2.1-1_amd64.changes uploaded successfully to localhost
along with the files:
eclipse-cdt-profiling-framework_2.2.1-1_all.deb
eclipse-cdt-profiling-framework-remote_2.2.1-1_all.deb
eclipse-cdt-valgrind_2.2.1-1_all.deb
eclipse-cdt-perf_2.2.1-1_all.deb
binary:eclipse-changelog is NEW.
binary:eclipse-rpm-editor is NEW.
Your package has been put into the NEW queue, which requires manual action
from the ftpteam to process. The upload was otherwise valid (it had a good
OpenPGP signature and file hashes are valid), so please be patient.