Bug#893663: freeplane: CVE-2018-1000069 XXE vulnerability

2018-04-11 Thread Sébastien Delafond
On Apr/10, Felix Natter wrote: > Yes and no. On jessie the patch did not cleanly apply, so I would have > had to apply that change manually. Since removing the import has no > effect on the semantics of the program (as long as it still compiles), > I was too lazy. It should be ok. Let's leave it

Bug#888316: jackson-databind: CVE-2018-5968

2018-02-10 Thread Sébastien Delafond
On Jan/27, Markus Koschany wrote: > I have prepared security updates of jackson-databind for Stretch and > Jessie and would appreciate another look at the patches. > > The fix for CVE-2018-5968 is straightforward. The blacklist is simply > extended. > > However upstream decided to refactor the

Bug#857343: #857343: logback deserialization vulnerability

2017-03-28 Thread Sébastien Delafond
On Mar/28, Markus Koschany wrote: > apparently logback < 1.2.0 is vulnerable to a deserialization issue. > They announced it on February 8th 2017 but it appears no CVE has been > assigned yet. [1] Fixing commit is at [2] The bug reporter claims it is > the same issue as CVE-2015-6420 but I cannot

Bug#758086: CVE-2014-3577: Apache HttpComponents hostname verification bypass

2015-04-15 Thread Sébastien Delafond
On Apr/15, Markus Koschany wrote: I have prepared a patch for CVE-2014-3577 (commons-httpclient). [1] The patch is identical to the Jessie / Sid fix. Do you consider this vulnerability important enough for a DSA or do you prefer a point release update? Hi Markus, this issue was marked no-dsa

Bug#780897: wheezy-security update for batik (CVE-2015-0250)

2015-03-26 Thread Sébastien Delafond
On Mar/25, tony mancill wrote: I have prepared an update for batik [1] in wheezy to address CVE-2015-0250. Attached is the debdiff. Please let me know if you would like me to upload it. Hi Tony, I've reviewed your debdiff and it looks good. Please upload to security-master-unembargoed, and

Bug#734821: 734821

2014-10-10 Thread Sébastien Delafond
notfixed 734821 1.4.7-1
thanks

This bug was actually never in Debian, since it was introduced in 1.4.5 and closed in 1.4.7. If anyone is interested in verifying this, the following code can be run against the JARs present at http://repo.maven.apache.org/maven2/com/thoughtworks/xstream/xstream/:

[jruby] Package based on latest upstream

2012-06-18 Thread Sébastien Delafond
Hi fellows, I've been packaging jruby 1.6.7.2, and would like to upload it quite soon, in hopes of beating the freeze and having a decently recent version of jruby in wheezy. I'm attaching to this email the diff between 1.5.6-3's debian/ directory, and mine, the main change being that I've had

Re: planning (a) hsqldb transition(s)

2012-04-30 Thread Sébastien Delafond
On Apr/30, Rene Engelhard wrote: Hi, On Fri, Apr 13, 2012 at 04:31:31PM +0200, Rene Engelhard wrote: so I'd like to upload that to unstable (and adapt libreoffice) if it happens. But this problem makes me ask Q1) does anyone of your programs using libhsqldb-java have the

Re: JRuby packaging

2011-09-13 Thread Sébastien Delafond
Hi Alex, a while ago I transferred maintenance of jruby over to the Debian Java Maintainers, whom I cc'ed to this email. They'll probably be able to tell you more... Cheers, --Seb On Sep/12, Alex Young wrote: Hi there, I'm emailing you because your name is on the Debian jruby-1.5.1

Re: [packaging] JRuby in Debian

2010-12-06 Thread Sébastien Delafond
Hi Thomas, jruby is now being packaged by the Debian Java Maintainers, whose main goal is to get jruby back into main again. I'm cc'ing the team to this email, as I'm sure they'll be interested in working closely with such a responsive upstream ;) Cheers, --Seb On Dec/02, Thomas E Enebo