Bug#674448: CVE-2012-2098

6.0.6. I had prepared an upload to fix this issue in stable. Are you OK with an upload to stable then? Please notify the release team before. Cheers Nico -- Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0 For security reasons, all text in this mail is double-rot13

Bug#629852: Oracle Java SE Critical Patch Update Advisory - June 2011

CVE-2011-0867 CVE-2011-0869 CVE-2011-0865 Some of the issues seem to be windows specific. http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html Kind regards Nico -- Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0 For security reasons, all text

Bug#441205: closed by Marcus Better mar...@better.se (CVE-2007-4724 XSS in cal2.jsp)

: SHA1 Bug not present in Tomcat 6. so why closing a bug that was assigned for tomcat 5? Cheers Nico -- Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0 For security reasons, all text in this mail is double-rot13 encrypted. pgpTaEvp3urey.pgp Description: PGP signature

Bug#441205: closed by Marcus Better mar...@better.se (CVE-2007-4724 XSS in cal2.jsp)

Hi, * Marcus Better mar...@better.se [2009-08-14 18:23]: Nico Golde wrote: Bug not present in Tomcat 6. so why closing a bug that was assigned for tomcat 5? Oh, I didn't read closely enough and thought it had been reassigned to tomcat6. Anyway tomcat5 has been removed from

Bug#494799: CVE-2008-2938: Directory Traversal Vulnerability

check the existing BTS entries before submitting new bugs. No idea how you missed: #494504 [G|S|] [tomcat5.5] CVE-2008-1232/CVE-2008-2370: XSS and directory traversal Check out http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494504 Cheers Nico -- Nico Golde - http://www.ngolde.de - [EMAIL

Bug#465645: tomcat5.5: CVE-2007-5333 unauthorized disclosure of information

this vulnerability please also include the CVE id in your changelog entry. For further information: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333 Kind regards Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail

Bug#459281: severity of 459281 is serious

# Automatically generated email from bts, devscripts version 2.10.11 # setting it back to previous severity :) severity 459281 serious ___ pkg-java-maintainers mailing list pkg-java-maintainers@lists.alioth.debian.org

Bug#459281: severity of 459281 is important

# Automatically generated email from bts, devscripts version 2.10.11 # temporary downgrading to let the latest security fix enter testing severity 459281 important ___ pkg-java-maintainers mailing list pkg-java-maintainers@lists.alioth.debian.org

libstruts1.2-java oldstable update for CVE-2005-3745

-tracker.debian.net/tracker/CVE-2005-3745 For further information: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3745 [1] http://www.debian.org/doc/developers-reference/ch-pkgs.en.html#s-upload-oldstable Kind regards Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF

Bug#458237: tomcat5.5: CVE-2007-5342 unauthorized modification of data because of too open permissions

-2007-5342 Kind regards Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. pgpqrtkAcCfvV.pgp Description: PGP signature ___ pkg-java-maintainers mailing

Bug#456148: Current upstream fix for CVE-2007-6306 introduced regression

, however. [1]: https://sourceforge.net/tracker/?func=detailatid=115494aid=1849333group_id=15494 I shall update the package once version 1.0.9 is released. What about updating the current package with the referenced patches which fix this? Kind regards Nico -- Nico Golde - http

Bug#456148: Intend to NMU

Hi, attached is a patch for an NMU which fixes these issues. It will be also archived on: http://people.debian.org/~nion/nmu-diff/libjfreechart-java-1.0.8-1_1.0.8-1.1.patch Kind regards Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all

Bug#456148: Intend to NMU

Hi Varun, * Varun Hiremath [EMAIL PROTECTED] [2007-12-22 19:12]: On Sat, 22 Dec, 2007 at 04:29:31PM +0100, Nico Golde wrote: Hi, attached is a patch for an NMU which fixes these issues. It will be also archived on: http://people.debian.org/~nion/nmu-diff/libjfreechart-java-1.0.8-1_1.0.8

Bug#448841: CVE-2007-5731 directory traversal vulnerability

attackers. For further information: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5731 Kind regards Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. pgpkRatvcqEEH.pgp Description

Bug#448664: CVE-2007-5461 absolute path traversal vulnerability

://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461 Kind regards Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. pgp8ZhTWFSAng.pgp Description: PGP signature

Bug#445283: CVE-2006-6969 predictable session identifiers

. This vulnerability has been verified in the Debian versions by the upstream. I am currently waiting to get a patch for this. For further information: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6969 Kind regards Nico -- Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG

Bug#441205: CVE-2007-4724 XSS in cal2.jsp

-2007-4724 Kind regards Nico -- Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. pgpvR8UpYSf12.pgp Description: PGP signature ___ pkg-java-maintainers mailing