reproducible.debian.net status changes for commons-exec

2017-03-10 Thread Reproducible builds folks
2017-03-04 22:21 https://tests.reproducible-builds.org/debian/unstable/amd64/commons-exec changed from reproducible -> FTBFS __ This is the maintainer address of Debian's Java team . Please use

reproducible.debian.net status changes for freehep-graphicsio-pdf

2017-03-10 Thread Reproducible builds folks
2017-02-22 10:46 https://tests.reproducible-builds.org/debian/unstable/amd64/freehep-graphicsio-pdf changed from reproducible -> unreproducible __ This is the maintainer address of Debian's Java team . Please use

reproducible.debian.net status changes for jmock2

2017-03-10 Thread Reproducible builds folks
2017-02-22 23:08 https://tests.reproducible-builds.org/debian/unstable/amd64/jmock2 changed from unreproducible -> FTBFS __ This is the maintainer address of Debian's Java team . Please use

reproducible.debian.net status changes for not-yet-commons-ssl

2017-03-10 Thread Reproducible builds folks
2017-03-07 21:01 https://tests.reproducible-builds.org/debian/unstable/amd64/not-yet-commons-ssl changed from reproducible -> unreproducible __ This is the maintainer address of Debian's Java team . Please use

reproducible.debian.net status changes for libcommons-dbcp-java

2017-03-10 Thread Reproducible builds folks
2017-03-04 09:50 https://tests.reproducible-builds.org/debian/unstable/amd64/libcommons-dbcp-java changed from reproducible -> FTBFS 2017-03-07 20:46 https://tests.reproducible-builds.org/debian/unstable/amd64/libcommons-dbcp-java changed from FTBFS -> reproducible __ This is the maintainer

reproducible.debian.net status changes for multiverse-core

2017-03-10 Thread Reproducible builds folks
2017-02-22 00:15 https://tests.reproducible-builds.org/debian/unstable/amd64/multiverse-core changed from FTBFS -> reproducible __ This is the maintainer address of Debian's Java team . Please use

reproducible.debian.net status changes for eclipse-pydev

2017-03-10 Thread Reproducible builds folks
2017-02-21 16:28 https://tests.reproducible-builds.org/debian/unstable/amd64/eclipse-pydev changed from reproducible -> unreproducible __ This is the maintainer address of Debian's Java team . Please use

Bug#857034: marked as done (Please update openjdk-8-jre-dcevm in jessie-backports)

2017-03-10 Thread Debian Bug Tracking System
Your message dated Fri, 10 Mar 2017 22:56:20 +0100 with message-id <9452b6d4-e8c9-43cb-7247-938ef2b97...@apache.org> and subject line Re: Bug#857034: Please update openjdk-8-jre-dcevm in jessie-backports has caused the Debian Bug report #857034, regarding Please update openjdk-8-jre-dcevm in

Bug#856996: libjacoco-java: Where is the jacoco agent located?

2017-03-10 Thread Martin Quinson
On Thu, Mar 09, 2017 at 04:59:35PM -0800, tony mancill wrote: > On Wed, Mar 08, 2017 at 05:04:19PM +0100, Martin Quinson wrote: > > Hello, > > > > so the package is completely unusable, right ? It is merely a > > placeholder to make the Gradle android plugin compile, isn't it? > > > > If so, I

Bug#857343: liblogback-java: logback < 1.2.0 has a vulnerability in SocketServer and ServerSocketReceiver

2017-03-10 Thread Emmanuel Bourg
Hi Fabrice, Thank you for the report. Do you know if there is a CVE ID assigned to this vulnerability? Emmanuel Bourg __ This is the maintainer address of Debian's Java team . Please use debian-j...@lists.debian.org

Bug#857351: jabref: permissions of bib-file

2017-03-10 Thread Martin Lutz
Package: jabref Version: 3.8.1+ds-3 Severity: minor Dear Maintainer, bib-files that are newly created in jabref have the permissions 777 (rwxrwxrwx). Because these are pure text files, they should not be executable. DEBUG_WRAPPER=1 jabref --debug [debug] /usr/bin/jabref: Found JAVA_HOME =

Processed: your mail

2017-03-10 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: > tags 857343 security Bug #857343 [liblogback-java] liblogback-java: logback < 1.2.0 has a vulnerability in SocketServer and ServerSocketReceiver Added tag(s) security. > End of message, stopping processing here. Please contact me if you need

Bug#857343: liblogback-java: logback < 1.2.0 has a vulnerability in SocketServer and ServerSocketReceiver

2017-03-10 Thread Fabrice Dagorn
CVE-2015-6420 is for Apache Commons, but this is the same issue. Le 10/03/2017 à 10:15, Emmanuel Bourg a écrit : Hi Fabrice, Thank you for the report. Do you know if there is a CVE ID assigned to this vulnerability? Emmanuel Bourg __ This is the maintainer address of Debian's Java team

Bug#857343: (no subject)

2017-03-10 Thread Fabrice Dagorn
tags security __ This is the maintainer address of Debian's Java team . Please use debian-j...@lists.debian.org for discussions and questions.

Bug#857343: liblogback-java: logback < 1.2.0 has a vulnerability in SocketServer and ServerSocketReceiver

2017-03-10 Thread Fabrice Dagorn
Package: liblogback-java Version: 1:1.1.2-1 Severity: important Tags: upstream patch Dear Maintainer, logback versions in wheezy, jessie and stretch are vulnerable to a deserialization issue. Logback would try to deserialize data from a socket, but it can't be trusted. Upstream mitigates this