Bug#456148: CVE-2007-6306: Multiple cross-site scripting vulnerabilities

2007-12-13 Thread Steffen Joeris
Package: libjfreechart-java
Severity: important
Tags: security

Hi

The following CVE[0] has been issued against libjfreechart-java.

CVE-2007-6306:

Multiple cross-site scripting (XSS) vulnerabilities in the image map
feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary
web script or HTML via the (1) chart name or (2) chart tool tip text; or
the (3) href, (4) shape, or (5) coords attribute of a chart area.


A potential patch can be found here[1][2]; not quite sure if there is
more.

Please mention the CVE id in the changelog, when you fix this issue.
Thanks for your efforts.

Cheers
Steffen

[0]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6306

[1]:
http://jfreechart.svn.sourceforge.net/viewvc/jfreechart/trunk/source/org/jfree/chart/entity/ChartEntity.java?r1=662&r2=661&pathrev=662

[2]:
http://jfreechart.svn.sourceforge.net/viewvc/jfreechart/trunk/source/org/jfree/chart/imagemap/ImageMapUtilities.java?r1=662&r2=661&pathrev=662



___
pkg-java-maintainers mailing list
pkg-java-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/pkg-java-maintainers
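
The CVE text quoted in the report names five injection points, and all of them are attribute values of the generated <map>/<area> markup: the chart name (id/name of the map), the tool-tip text (title/alt), and the href, shape and coords of each area. The following is an added example, not JFreeChart's own code and not the upstream patch linked above: a hypothetical SafeImageMap class that shows the unescaped pattern the CVE describes next to a hardened generator. The Area class is a stand-in for JFreeChart's ChartEntity, and every method name (escapeAttr, safeAreaTag, imageMap, ...) is an assumption made for this example. The hostile input in main() is constructed.

```java
import java.util.Arrays;
import java.util.List;
import java.util.Locale;

/**
 * Added example, not JFreeChart's own code: an HTML image map generated the
 * way CVE-2007-6306 describes (values copied verbatim into attributes) beside
 * a hardened generator that validates or escapes every value. Area and all
 * method names are hypothetical stand-ins for ChartEntity / ImageMapUtilities.
 */
public class SafeImageMap {

    /** One clickable region of a chart. Hypothetical stand-in for ChartEntity. */
    static final class Area {
        final String shape, coords, href, toolTip;   // href and toolTip may be null
        Area(String shape, String coords, String href, String toolTip) {
            this.shape = shape; this.coords = coords; this.href = href; this.toolTip = toolTip;
        }
    }

    /** Escape for a double-quoted HTML attribute. '&' must be escaped as well: "&amp;" is
     *  the correct encoding of a literal ampersand and browsers decode it before use. */
    static String escapeAttr(String s) {
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** shape and coords have a tiny grammar, so whitelist them instead of escaping. */
    static boolean validShape(String s) {
        return s.equals("rect") || s.equals("circle") || s.equals("poly");
    }
    static boolean validCoords(String s) {
        return s.matches("-?\\d+(,-?\\d+)*");
    }

    /** Escaping does not neutralise a javascript: URL; allow only http(s) or relative targets. */
    static boolean safeHref(String href) {
        int colon = href.indexOf(':');
        int slash = href.indexOf('/');
        if (colon < 0 || (slash >= 0 && slash < colon)) return true;   // relative URL
        String scheme = href.substring(0, colon).trim().toLowerCase(Locale.ROOT);
        return scheme.equals("http") || scheme.equals("https");
    }

    /** Vulnerable pattern: attribute values copied straight into the markup. */
    static String unsafeAreaTag(Area a) {
        return "<area shape=\"" + a.shape + "\" coords=\"" + a.coords + "\""
             + (a.toolTip != null ? " title=\"" + a.toolTip + "\" alt=\"" + a.toolTip + "\"" : "")
             + (a.href != null ? " href=\"" + a.href + "\"" : "") + "/>";
    }

    /** Hardened version: validate the structured attributes, escape the free-text ones. */
    static String safeAreaTag(Area a) {
        if (!validShape(a.shape) || !validCoords(a.coords)) {
            throw new IllegalArgumentException("invalid shape or coords: " + a.shape + " " + a.coords);
        }
        StringBuilder sb = new StringBuilder("<area shape=\"").append(a.shape)
                .append("\" coords=\"").append(a.coords).append('"');
        if (a.toolTip != null) {
            String t = escapeAttr(a.toolTip);
            sb.append(" title=\"").append(t).append("\" alt=\"").append(t).append('"');
        }
        if (a.href != null && safeHref(a.href)) {
            sb.append(" href=\"").append(escapeAttr(a.href)).append('"');
        }
        return sb.append("/>").toString();
    }

    /** The chart name lands in id/name of <map>, so it is escaped too. */
    static String imageMap(String name, List<Area> areas) {
        StringBuilder sb = new StringBuilder("<map id=\"").append(escapeAttr(name))
                .append("\" name=\"").append(escapeAttr(name)).append("\">\n");
        for (Area a : areas) sb.append(safeAreaTag(a)).append('\n');
        return sb.append("</map>").toString();
    }

    public static void main(String[] args) {
        // Constructed input: a tool tip that closes the attribute and injects an event
        // handler, plus an href using the javascript: scheme.
        Area hostile = new Area("rect", "10,10,50,50", "javascript:alert(1)",
                "\" onmouseover=\"alert(document.cookie)");
        System.out.println("unsafe: " + unsafeAreaTag(hostile));
        System.out.println("safe:   " + safeAreaTag(hostile));
        System.out.println(imageMap("chart\"><script>", Arrays.asList(hostile)));
    }
}
```

Two points worth checking in any real fix of this class of bug: escape exactly once, at the point where the value is written into the attribute, so that a later change to the data model cannot double-encode or un-encode it; and prefer validation over escaping for values with a known grammar (shape, coords), since a rejected value is easier to reason about than an escaped one. A legitimate URL such as http://host/p?a=1&b=2 comes out with &amp; in the attribute, which is the correct HTML encoding and is decoded by the browser before the request is made.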


Bug#456148: Current upstream fix for CVE-2007-6306 introduced regression

2007-12-13 Thread Tomas Hoger
Hi!

This has been brought to our attention:

http://sourceforge.net/tracker/index.php?func=detail&aid=1849333&group_id=15494&atid=115494

Upstream author is looking into the issue and expects to release update
soon.

HTH

-- 
Tomas Hoger






Processing of javahelp2_2.0.05-2_i386.changes

2007-12-13 Thread Archive Administrator
javahelp2_2.0.05-2_i386.changes uploaded successfully to localhost
along with the files:
  javahelp2_2.0.05-2.dsc
  javahelp2_2.0.05-2.diff.gz
  javahelp2_2.0.05-2_all.deb
  javahelp2-doc_2.0.05-2_all.deb

Greetings,

Your Debian queue daemon



Processed: fixed in svn

2007-12-13 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

 tags 438660 + pending
Bug#438660: Typos in package description
There were no tags set.
Tags added: pending

 tags 440581 + pending
Bug#440581: Typos in package description
There were no tags set.
Tags added: pending

 tags 440582 + pending
Bug#440582: Typos in package description
There were no tags set.
Tags added: pending

 tags 440583 + pending
Bug#440583: Typos in package description
There were no tags set.
Tags added: pending

 tags 440584 + pending
Bug#440584: Typos in package description
There were no tags set.
Tags added: pending

 tags 440585 + pending
Bug#440585: Typos in package description
There were no tags set.
Tags added: pending

 tags 440586 + pending
Bug#440586: Typos in package description
There were no tags set.
Tags added: pending


End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)




Bug#447469: marked as done (javahelp2: FTBFS: class org.apache.tools.ant.taskdefs.optional.depend.Depend was not found)

2007-12-13 Thread Debian Bug Tracking System
Your message dated Thu, 13 Dec 2007 18:32:03 +
with message-id [EMAIL PROTECTED]
and subject line Bug#447469: fixed in javahelp2 2.0.05-2
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

---BeginMessage---
Package: javahelp2
version: 2.0.05-1
Severity: serious
User: [EMAIL PROTECTED]
Usertags: qa-ftbfs-20071021 qa-ftbfs
Justification: FTBFS on i386

Hi,

During a rebuild of all packages in sid, your package failed to build on i386.

Relevant part:
make[1]: Entering directory `/build/user/javahelp2-2.0.05'
/usr/share/cdbs/1/rules/buildcore.mk:68: parsing javahelp2-src-2.0.05.zip ...
make[1]: Nothing to be done for `update-config'.
make[1]: Leaving directory `/build/user/javahelp2-2.0.05'
#Create symlink to required jars
mkdir -p build-tree/javahelp2-2.0.05/javahelp_nbproject/lib
ln -s -f /usr/share/java/servlet-api.jar 
build-tree/javahelp2-2.0.05/javahelp_nbproject/lib/servlet-api.jar
ln -s -f /usr/share/java/jsp-api.jar 
build-tree/javahelp2-2.0.05/javahelp_nbproject/lib/jsp-api.jar
#Remove class uncompilable without JDIC
rm -f 
build-tree/javahelp2-2.0.05/jhMaster/JavaHelp/src/new/javax/help/plaf/basic/BasicNativeContentViewerUI.java
#Build javahelp target 'release' is for jars, target 'javadoc' is for javadoc
ant -f build-tree/javahelp2-2.0.05/javahelp_nbproject/build.xml 
-Djdic-jar-present=true -Djdic-zip-present=true \
-Ddist.javadoc.dir=dist/lib/api \
-Dservlet-jar-present=true -Dtomcat-zip-present=true release javadoc
Buildfile: build-tree/javahelp2-2.0.05/javahelp_nbproject/build.xml

build-jsearch-jars:

-pre-init:

-init-private:

-init-user:

-init-project:

-init-macrodef-property:

-do-init:

-post-init:

-init-check:

-init-macrodef-javac:

-init-macrodef-junit:

-init-macrodef-nbjpda:

-init-macrodef-debug:

-init-macrodef-java:

-init-presetdef-jar:

init:

deps-jar:

-pre-init:

-init-private:

-init-user:

-init-project:

-init-macrodef-property:

-do-init:

-post-init:

-init-check:

-init-macrodef-javac:
Trying to override old definition of task 
http://www.netbeans.org/ns/j2se-project/3:javac

-init-macrodef-junit:

-init-macrodef-nbjpda:
Trying to override old definition of task 
http://www.netbeans.org/ns/j2se-project/1:nbjpdastart

-init-macrodef-debug:
Trying to override old definition of task 
http://www.netbeans.org/ns/j2se-project/3:debug

-init-macrodef-java:

-init-presetdef-jar:

init:

deps-jar:

download-tomcat-zip:

unpack-servlet-jar:

unpack-jsp-jar:

download-jdic-zip:

unpack-jdic-jar:

-pre-init:

-init-private:

-init-user:

-init-project:

-init-macrodef-property:

-do-init:

-post-init:

-init-check:

-init-macrodef-javac:
Trying to override old definition of task 
http://www.netbeans.org/ns/j2se-project/3:javac

-init-macrodef-junit:

-init-macrodef-nbjpda:
Trying to override old definition of task 
http://www.netbeans.org/ns/j2se-project/1:nbjpdastart

-init-macrodef-debug:
Trying to override old definition of task 
http://www.netbeans.org/ns/j2se-project/3:debug

-init-macrodef-java:

-init-presetdef-jar:

init:

deps-jar:

-pre-pre-compile:
[mkdir] Created dir: 
/build/user/javahelp2-2.0.05/build-tree/javahelp2-2.0.05/javahelp_nbproject/build/classes

-pre-compile:

-do-compile:

BUILD FAILED
/build/user/javahelp2-2.0.05/build-tree/javahelp2-2.0.05/javahelp_nbproject/build.xml:119:
 The following error occurred while executing this line:
/build/user/javahelp2-2.0.05/build-tree/javahelp2-2.0.05/JSearchIndexer_nbproject/nbproject/build-impl.xml:241:
 The following error occurred while executing this line:
/build/user/javahelp2-2.0.05/build-tree/javahelp2-2.0.05/JSearchClient_nbproject/nbproject/build-impl.xml:241:
 The following error occurred while executing this line:
/build/user/javahelp2-2.0.05/build-tree/javahelp2-2.0.05/javahelp_nbproject/nbproject/build-impl.xml:251:
 The following error occurred while executing this line:
/build/user/javahelp2-2.0.05/build-tree/javahelp2-2.0.05/javahelp_nbproject/nbproject/build-impl.xml:129:
 Problem: failed to create task or type depend
Cause: the class org.apache.tools.ant.taskdefs.optional.depend.Depend was not 
found.
This looks like one of Ant's optional components.
Action: Check that the appropriate optional JAR exists in
-/usr/share/ant/lib
-/nonexistent/.ant/lib
-a directory added on the command line with the -lib argument

Do not panic, this is a common problem.
The commonest cause is a missing JAR.

This is not a bug; it is a configuration problem


Total time: 0 seconds
make: *** 

Processing of jajuk_1.4.4+svn3115-1_i386.changes

2007-12-13 Thread Archive Administrator
jajuk_1.4.4+svn3115-1_i386.changes uploaded successfully to localhost
along with the files:
  jajuk_1.4.4+svn3115-1.dsc
  jajuk_1.4.4+svn3115.orig.tar.gz
  jajuk_1.4.4+svn3115-1.diff.gz
  jajuk_1.4.4+svn3115-1_all.deb

Greetings,

Your Debian queue daemon



jajuk_1.4.4+svn3115-1_i386.changes ACCEPTED

2007-12-13 Thread Debian Installer

Accepted:
jajuk_1.4.4+svn3115-1.diff.gz
  to pool/contrib/j/jajuk/jajuk_1.4.4+svn3115-1.diff.gz
jajuk_1.4.4+svn3115-1.dsc
  to pool/contrib/j/jajuk/jajuk_1.4.4+svn3115-1.dsc
jajuk_1.4.4+svn3115-1_all.deb
  to pool/contrib/j/jajuk/jajuk_1.4.4+svn3115-1_all.deb
jajuk_1.4.4+svn3115.orig.tar.gz
  to pool/contrib/j/jajuk/jajuk_1.4.4+svn3115.orig.tar.gz


Override entries for your package:
jajuk_1.4.4+svn3115-1.dsc - source contrib/sound
jajuk_1.4.4+svn3115-1_all.deb - optional contrib/sound

Announcing to [EMAIL PROTECTED]


Thank you for your contribution to Debian.



Bug#286656: Reopen of bug closed by spam

2007-12-13 Thread Michael Koch
reopen 286656
thanks


Re-open bug as this one was closed by spam.


Cheers,
Michael





Processed: Reopen of bug closed by spam

2007-12-13 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

 reopen 286656
Bug#286656: java-package: Could be merged with alien?
Bug reopened, originator not changed.

 thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)




Processing of tomcat5.5_5.5.25-3_amd64.changes

2007-12-13 Thread Archive Administrator
tomcat5.5_5.5.25-3_amd64.changes uploaded successfully to localhost
along with the files:
  tomcat5.5_5.5.25-3.dsc
  tomcat5.5_5.5.25-3.diff.gz
  tomcat5.5_5.5.25-3_all.deb
  libtomcat5.5-java_5.5.25-3_all.deb
  tomcat5.5-webapps_5.5.25-3_all.deb
  tomcat5.5-admin_5.5.25-3_all.deb

Greetings,

Your Debian queue daemon



tomcat5.5_5.5.25-3_amd64.changes ACCEPTED

2007-12-13 Thread Debian Installer

Accepted:
libtomcat5.5-java_5.5.25-3_all.deb
  to pool/main/t/tomcat5.5/libtomcat5.5-java_5.5.25-3_all.deb
tomcat5.5-admin_5.5.25-3_all.deb
  to pool/main/t/tomcat5.5/tomcat5.5-admin_5.5.25-3_all.deb
tomcat5.5-webapps_5.5.25-3_all.deb
  to pool/main/t/tomcat5.5/tomcat5.5-webapps_5.5.25-3_all.deb
tomcat5.5_5.5.25-3.diff.gz
  to pool/main/t/tomcat5.5/tomcat5.5_5.5.25-3.diff.gz
tomcat5.5_5.5.25-3.dsc
  to pool/main/t/tomcat5.5/tomcat5.5_5.5.25-3.dsc
tomcat5.5_5.5.25-3_all.deb
  to pool/main/t/tomcat5.5/tomcat5.5_5.5.25-3_all.deb


Override entries for your package:
libtomcat5.5-java_5.5.25-3_all.deb - optional web
tomcat5.5-admin_5.5.25-3_all.deb - optional web
tomcat5.5-webapps_5.5.25-3_all.deb - optional web
tomcat5.5_5.5.25-3.dsc - source web
tomcat5.5_5.5.25-3_all.deb - optional web

Announcing to [EMAIL PROTECTED]
Closing bugs: 443382 454312 455495 


Thank you for your contribution to Debian.



mockobjects_0.09-2_i386.changes is NEW

2007-12-13 Thread Debian Installer
(new) libmockobjects-java-doc_0.09-2_all.deb optional doc
Framework for developing and using mock objects
 Mock Objects is a test-first driven framework for building
 generic software and/or unit testing frameworks. It supports:
 .
  * A methodology for developing and using mock objects.
  * A core mock object framework. This is a library of code that
  supports the implementation of mock objects, based around a
  set of expectation classes for values and collections. There are
  also various other classes to make mock objects easier to write
  or to use.
  * A default set of mock implementations for the standard Java
  platform APIs. We have made a start on packages such as servlets, sql,
  and io.
 .
 This package includes the mock objects javadocs.
(new) libmockobjects-java_0.09-2_all.deb optional devel
Framework for developing and using mock objects
 Mock Objects is a test-first driven framework for building
 generic software and/or unit testing frameworks. It supports:
 .
  * A methodology for developing and using mock objects.
  * A core mock object framework. This is a library of code that
  supports the implementation of mock objects, based around a
  set of expectation classes for values and collections. There are
  also various other classes to make mock objects easier to write
  or to use.
  * A default set of mock implementations for the standard Java
  platform APIs. We have made a start on packages such as servlets, sql,
  and io.
(new) mockobjects_0.09-2.diff.gz optional devel
(new) mockobjects_0.09-2.dsc optional devel
Changes: mockobjects (0.09-2) unstable; urgency=low
 .
  * Take over the package. (Closes: #270531, #453021)
  * Switch to java-gcj-compat-dev and move package to main.
  * Clean up whole build process and build mockobjects-core only.
  * Add Homepage and Vcs headers to debian/control.


Override entries for your package:

Announcing to [EMAIL PROTECTED]
Closing bugs: 270531 453021 


Your package contains new components which requires manual editing of
the override file.  It is ok otherwise, so please be patient.  New
packages are usually added to the override file about once a week.

You may have gotten the distribution wrong.  You'll get warnings above
if files already exist in other distributions.



Bug#454312: marked as done (libtomcat5.5-java: MailSessionFactory missing from naming-factory.jar)

2007-12-13 Thread Debian Bug Tracking System
Your message dated Thu, 13 Dec 2007 21:32:10 +
with message-id [EMAIL PROTECTED]
and subject line Bug#454312: fixed in tomcat5.5 5.5.25-3
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

---BeginMessage---
Package: libtomcat5.5-java
Version: 5.5.25-2
Severity: important


org/apache/naming/factory/MailSessionFactory is missing from naming-factory.jar

was there in 5.5.25-1

not included in any other jar file in this package

this breaks any web application that depends on MailSessionFactory
 
-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.22-3-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libtomcat5.5-java depends on:
ii  ant   1.7.0-3Java based build tool like make
ii  libcommons-collections3-java  3.1a-3.1   A set of abstract data type interf
ii  libcommons-dbcp-java  1.2.2-1Database Connection Pooling Servic
ii  libcommons-el-java1.0-4  Implementation of the JSP2.0 Expre
ii  libcommons-launcher-java  1.1-3  cross platform java application la
ii  libcommons-logging-java   1.1-1  common wrapper interface for seve
ii  libcommons-modeler-java   2.0.1-4convenience library to use Java Ma
ii  libcommons-pool-java  1.3-1  pooling implementation for Java ob
ii  libmx4j-java  3.0.1-3An open source implementation of t
ii  libservlet2.4-java5.0.30-6   Servlet 2.4 and JSP 2.0 Java class
ii  libxerces2-java   2.8.1-2Validating XML parser for Java wit

libtomcat5.5-java recommends no packages.

-- no debconf information


---End Message---
---BeginMessage---
Source: tomcat5.5
Source-Version: 5.5.25-3

We believe that the bug you reported is fixed in the latest version of
tomcat5.5, which is due to be installed in the Debian FTP archive:

libtomcat5.5-java_5.5.25-3_all.deb
  to pool/main/t/tomcat5.5/libtomcat5.5-java_5.5.25-3_all.deb
tomcat5.5-admin_5.5.25-3_all.deb
  to pool/main/t/tomcat5.5/tomcat5.5-admin_5.5.25-3_all.deb
tomcat5.5-webapps_5.5.25-3_all.deb
  to pool/main/t/tomcat5.5/tomcat5.5-webapps_5.5.25-3_all.deb
tomcat5.5_5.5.25-3.diff.gz
  to pool/main/t/tomcat5.5/tomcat5.5_5.5.25-3.diff.gz
tomcat5.5_5.5.25-3.dsc
  to pool/main/t/tomcat5.5/tomcat5.5_5.5.25-3.dsc
tomcat5.5_5.5.25-3_all.deb
  to pool/main/t/tomcat5.5/tomcat5.5_5.5.25-3_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Koch [EMAIL PROTECTED] (supplier of updated tomcat5.5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Thu, 13 Dec 2007 22:15:18 +0100
Source: tomcat5.5
Binary: libtomcat5.5-java tomcat5.5 tomcat5.5-admin tomcat5.5-webapps
Architecture: source all
Version: 5.5.25-3
Distribution: unstable
Urgency: low
Maintainer: Debian Java Maintainers 
pkg-java-maintainers@lists.alioth.debian.org
Changed-By: Michael Koch [EMAIL PROTECTED]
Description: 
 libtomcat5.5-java - Java Servlet engine -- core libraries
 tomcat5.5  - Servlet and JSP engine
 tomcat5.5-admin - Java Servlet engine -- admin & manager web interfaces
 tomcat5.5-webapps - Java Servlet engine -- documentation and example web 
applications
Closes: 443382 454312 455495
Changes: 
 tomcat5.5 (5.5.25-3) unstable; urgency=low
 .
   * debian/libtomcat5.5-java.links: Removed links for xml-apis.jar and
 xercesImpl.jar. Closes: #443382, #455495.
   * Added libgnumail-java to Build-Depends. Closes: #454312.
   * Updated Standards-Version to 3.7.3.
Files: 
 1d3378cf14b31c48b6b62d2b7588057a 1347 web optional tomcat5.5_5.5.25-3.dsc
 217c17eb42354011bf882528465f95cf 31628 web optional tomcat5.5_5.5.25-3.diff.gz
 981f40d6fa34606f663eb2d4a8b4412d 61022 web optional tomcat5.5_5.5.25-3_all.deb
 1d0f50d4d24f3256ce1963b06572d47f 2420526 web optional 
libtomcat5.5-java_5.5.25-3_all.deb
 14010f9e62b5978cdf7cc7408453fe43 1486466 web optional 
tomcat5.5-webapps_5.5.25-3_all.deb
 3b340ffc4e0f0348338ecc9729e8ac92 1135662 web