Bug#852342: java-package: make-jpkg strips binaries and breaks the work of Ops tools

2017-01-23 Thread Nobuhiro Ban
Package: java-package Version: 0.55 Severity: important In jessie (or later), you got stripped binary files with make-jpkg. Stripping java binary breaks the work of Ops tools. For example, you got an error to use the jmap command to dump heap. I think this is a recurrence of #291238 (fixed in

Bug#763899: jenkins: multiple security vulnerabilities

2014-10-03 Thread Nobuhiro Ban
Package: jenkins Version: 1.565.2-2 Severity: grave Tags: security Dear Maintainer, The upstream vendor announced a security advisory. In this advisory, some vulnerabilities are rated critical severity. https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01

Bug#745897: closed by Hideki Yamane henr...@debian.org (Bug#745897: fixed in libstruts1.2-java 1.2.9-9)

2014-07-21 Thread Nobuhiro Ban
Hi all, 2014-06-16 20:27 GMT+09:00 Emmanuel Bourg ebo...@apache.org: I got confirmation from the Struts developers that a new release using commons-beanutils 1.9.2 is planned soon. So I'm going to prepare the backport of commons-beanutils 1.9.2 in stable and wait for the new release of Struts

Bug#745897: fixed in libstruts1.2-java 1.2.9-9

2014-06-21 Thread Nobuhiro Ban
2014-06-15 15:35 GMT+09:00 Hideki Yamane henr...@debian.or.jp: This pattern will match to words other than class, e.g. fooClass. Any class should be accepted, maybe it'd cause some trouble but non-class should not be named as *class, IMHO. That might be the case. This issue might be a very small

Bug#745897: closed by Hideki Yamane henr...@debian.org (Bug#745897: fixed in libstruts1.2-java 1.2.9-9)

2014-06-01 Thread Nobuhiro Ban
Hi, - add struts-1.2.9-CVE-2014-0114.patch from Red Hat to fix CVE-2014-0114 http://sources.debian.net/src/libstruts1.2-java/1.2.9-9/debian/patches/struts-1.2.9-CVE-2014-0114.patch +protected static final Pattern CLASS_ACCESS_PATTERN = Pattern +

Bug#745897: closed by Hideki Yamane henr...@debian.org (Bug#745897: fixed in libstruts1.2-java 1.2.9-9)

2014-06-01 Thread Nobuhiro Ban
professional, so I can't say that this works perfect, sorry. Regards, Nobuhiro 2014-06-01 15:40 GMT+09:00 Hideki Yamane henr...@debian.or.jp: Hi, On Sun, 1 Jun 2014 15:03:20 +0900 Nobuhiro Ban ban.nobuh...@gmail.com wrote: It's a very strange regexp. Because we know (P1|.*|P2) == .* . This pattern

Bug#745897: libstruts1.2-java: CVE-2014-0094 affects Struts 1.x

2014-04-26 Thread Nobuhiro Ban
Package: libstruts1.2-java Version: 1.2.9-8 Severity: grave Tags: security Dear Maintainer, In https://security-tracker.debian.org/tracker/CVE-2014-0094 : Notes - libstruts1.2-java not-affected (Affects Struts 2.0.0 - Struts 2.3.16) But CVE-2014-0094 is known to affect Struts 1.x. Regards,

Bug#739067: jenkins: multiple security vulnerabilities

2014-02-15 Thread Nobuhiro Ban
Package: jenkins Version: 1.509.2+dfsg-2 Severity: grave Tags: security Dear Maintainer, The upstream vendor announced a security advisory. In this advisory, some vulnerabilities are rated high severity. https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14

Bug#731204: jenkins: Watch file does not detect latest version correctly

2013-12-08 Thread Nobuhiro Ban
Hi, I guess Debian adopted Jenkins LTS Release line (x.x.x) [1]. So, it seems unsuitable to watch mainline (x.x). [1] https://wiki.jenkins-ci.org/display/JENKINS/LTS+Release+Line Regards, Nobuhiro __ This is the maintainer address of Debian's Java team

Bug#706725: jenkins: multiple security vulnerabilities

2013-05-03 Thread Nobuhiro Ban
Package: jenkins Version: 1.447.2+dfsg-3, 1.480.3+dfsg-1~exp2 Severity: grave Tags: security Dear Maintainer, The upstream vendor announced a security advisory. In this advisory, one vulnerability is rated critical severity, two are high and one is medium.

Bug#700761: jenkins: multiple security vulnerabilities

2013-02-16 Thread Nobuhiro Ban
Package: jenkins Version: 1.447.2+dfsg-3 Severity: grave Tags: security Dear Maintainer, The upstream vendor announced a security advisory. In this advisory, three vulnerabilities are rated high severity, one is medium and one is low. See:

Bug#697617: jenkins: remote code execution vulnerability

2013-01-07 Thread Nobuhiro Ban
Package: jenkins Version: 1.447.2+dfsg-2 Severity: grave Tags: security Dear Maintainer, The upstream vendor announced a security advisory, that is rated critical severity. See: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-01-04 Regards, Nobuhiro

Bug#696816: jenkins: Security issues were found in Jenkins core

2012-12-29 Thread Nobuhiro Ban
clone 696816 -1 reassign -1 jenkins-winstone 0.9.10-jenkins-37+dfsg-1 thanks Dear Maintainer, I found upstream SECURITY-44 (aka CVE-2012-6072) was from Winstone, and it might be fixed in 0.9.10-jenkins-40. https://github.com/jenkinsci/jenkins/commit/ad084edb571555e7c5a9bc5b27aba09aac8da98d