Your message dated Tue, 21 Jan 2014 21:17:29 +0000
with message-id <e1w5ihn-0001hw...@franck.debian.org>
and subject line Bug#720902: fixed in libspring-java 3.0.6.RELEASE-6+deb7u1
has caused the Debian Bug report #720902,
regarding libspring-java: CVE-2013-4152
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
720902: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720902
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libspring-java
Severity: grave
Tags: security
Justification: user security hole
Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4152 for
details.
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: libspring-java
Source-Version: 3.0.6.RELEASE-6+deb7u1
We believe that the bug you reported is fixed in the latest version of
libspring-java, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 720...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Markus Koschany <a...@gambaru.de> (supplier of updated libspring-java package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 29 Dec 2013 13:21:19 +0100
Source: libspring-java
Binary: libspring-core-java libspring-beans-java libspring-aop-java
libspring-context-java libspring-context-support-java libspring-web-java
libspring-web-servlet-java libspring-web-struts-java libspring-web-portlet-java
libspring-test-java libspring-transaction-java libspring-jdbc-java
libspring-jms-java libspring-orm-java libspring-expression-java
libspring-oxm-java libspring-instrument-java
Architecture: source all
Version: 3.0.6.RELEASE-6+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Debian Java Maintainers
<pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <a...@gambaru.de>
Description:
libspring-aop-java - modular Java/J2EE application framework - AOP
libspring-beans-java - modular Java/J2EE application framework - Beans
libspring-context-java - modular Java/J2EE application framework - Context
libspring-context-support-java - modular Java/J2EE application framework -
Context Support
libspring-core-java - modular Java/J2EE application framework - Core
libspring-expression-java - modular Java/J2EE application framework -
Expression language
libspring-instrument-java - modular Java/J2EE application framework -
Instrumentation
libspring-jdbc-java - modular Java/J2EE application framework - JDBC tools
libspring-jms-java - modular Java/J2EE application framework - JMS tools
libspring-orm-java - modular Java/J2EE application framework - ORM tools
libspring-oxm-java - modular Java/J2EE application framework - Object/XML
Mapping
libspring-test-java - modular Java/J2EE application framework - Test helpers
libspring-transaction-java - modular Java/J2EE application framework -
transaction
libspring-web-java - modular Java/J2EE application framework - Web
libspring-web-portlet-java - modular Java/J2EE application framework - Portlet
MVC
libspring-web-servlet-java - modular Java/J2EE application framework - Web
Portlet
libspring-web-struts-java - modular Java/J2EE application framework - Struts
MVC
Closes: 720902
Changes:
libspring-java (3.0.6.RELEASE-6+deb7u1) wheezy-security; urgency=high
.
* Team upload.
* Fix CVE-2013-4152.
- New patch: Add-processExternalEntities-to-JAXB2Marshaller.patch.
- Now by default external XML entities are not processed when
unmarshalling. Processing of external entities will only be
enabled/disabled when the source passed to the unmarshaller is a
SAXSource or StreamSource. It has no effect for DOMSource or StAXSource
instances.
- (Closes: #720902)
Checksums-Sha1:
5eb3cb9b3967547e1c91a5188fe60b5c68777147 4567
libspring-java_3.0.6.RELEASE-6+deb7u1.dsc
54681c810cb8d918b54ab430441958a84c6440a9 11192531
libspring-java_3.0.6.RELEASE.orig.tar.gz
e9f00f61c780d0029f0f36319d2d7d89e19523a9 19505
libspring-java_3.0.6.RELEASE-6+deb7u1.debian.tar.gz
ed262b6393f1dadf65738e00689e86069b2f8e01 364098
libspring-core-java_3.0.6.RELEASE-6+deb7u1_all.deb
9ef33c4b2761903115c632f070d7dd00fda56202 520022
libspring-beans-java_3.0.6.RELEASE-6+deb7u1_all.deb
f7f4c79f1abe718d1b57e4c2b8710dbc6c1bcafc 331176
libspring-aop-java_3.0.6.RELEASE-6+deb7u1_all.deb
8814a5471a4292688444b40a018b4d003f69931a 599282
libspring-context-java_3.0.6.RELEASE-6+deb7u1_all.deb
c152f1eb506554f3bfc3fd1949256c8b25b6b3da 113508
libspring-context-support-java_3.0.6.RELEASE-6+deb7u1_all.deb
942815c2587812fd206f8a24b3f0bee3a1cef12f 371872
libspring-web-java_3.0.6.RELEASE-6+deb7u1_all.deb
fea9171dd5e112b403343581673f53e5a35ca2aa 398860
libspring-web-servlet-java_3.0.6.RELEASE-6+deb7u1_all.deb
f3436a33013a243bbce0f13d468e60867533e3fa 51440
libspring-web-struts-java_3.0.6.RELEASE-6+deb7u1_all.deb
44c34d168117273543fb00f656bf7afb078c9dac 180086
libspring-web-portlet-java_3.0.6.RELEASE-6+deb7u1_all.deb
a139834d86dd0f4355c608dbe73f332744b96381 204994
libspring-test-java_3.0.6.RELEASE-6+deb7u1_all.deb
9942e4c9f651a019e1d342d2e746fe6c97af57b6 214106
libspring-transaction-java_3.0.6.RELEASE-6+deb7u1_all.deb
d614faedd37916e66574f87d799458c5444592a1 358828
libspring-jdbc-java_3.0.6.RELEASE-6+deb7u1_all.deb
889148c9a97dc529e0975cfa315accadfb292c3a 186862
libspring-jms-java_3.0.6.RELEASE-6+deb7u1_all.deb
7ecf4f44de0f5c2409e81ead9f5d144d12085378 317706
libspring-orm-java_3.0.6.RELEASE-6+deb7u1_all.deb
85fcfec606316db10a31f6c58a14bd06a59c6256 176482
libspring-expression-java_3.0.6.RELEASE-6+deb7u1_all.deb
294e24ad0b09a48f3062289baaf43baa1b54f899 77884
libspring-oxm-java_3.0.6.RELEASE-6+deb7u1_all.deb
65da8b54ad30af91ae85b91cb184439866dd4369 29860
libspring-instrument-java_3.0.6.RELEASE-6+deb7u1_all.deb
Checksums-Sha256:
483d48115a550f6a75b054269240c2cb110df3bf544a7a7f10163f8081d05d4f 4567
libspring-java_3.0.6.RELEASE-6+deb7u1.dsc
694c3efc4b4b0730c596b90a14a8e14e1a5d5be065f38a35c3e2e86c50dab04f 11192531
libspring-java_3.0.6.RELEASE.orig.tar.gz
03bb2b45eeb4c065091b11ff9f753cd712d1736f61f50ff2c461dde11e4066d5 19505
libspring-java_3.0.6.RELEASE-6+deb7u1.debian.tar.gz
357354b71ba9890d1ed53d00675a322270c034a9cfb1f2d95b5d3877fe21808c 364098
libspring-core-java_3.0.6.RELEASE-6+deb7u1_all.deb
426045199ca5edc82fa548a786a88077a0fd5bf42da194169368636bb8a5ee12 520022
libspring-beans-java_3.0.6.RELEASE-6+deb7u1_all.deb
26ecf6c1c7256bc9003e1f65633a3374e692f285e3aaa2c9a26410d29cc23e0a 331176
libspring-aop-java_3.0.6.RELEASE-6+deb7u1_all.deb
2710cf01459991d524257b7bcac63e4bcc39afffd02a06ace91b315daa8ed4ac 599282
libspring-context-java_3.0.6.RELEASE-6+deb7u1_all.deb
b87f807c7a123f347c99b453c56adef832008483e207e574aac265dd0cbbc6d2 113508
libspring-context-support-java_3.0.6.RELEASE-6+deb7u1_all.deb
cdb863becc211de9d6c5f1ab2f2743b73ad70cb6b1cd2f300b946ae210d00995 371872
libspring-web-java_3.0.6.RELEASE-6+deb7u1_all.deb
b562a533422395f36a021de8cf6835d4d151683556c41d579e7d7ad8b84b03d6 398860
libspring-web-servlet-java_3.0.6.RELEASE-6+deb7u1_all.deb
66dc5253e82d9a44665b58831da597469af50de364a1ca4366acf7ed43c3637c 51440
libspring-web-struts-java_3.0.6.RELEASE-6+deb7u1_all.deb
a07aeb433e4b64c9db06a34f77eb809d9bc566c898c1d475d507e4a6e9a6bf28 180086
libspring-web-portlet-java_3.0.6.RELEASE-6+deb7u1_all.deb
dd9e04c6d3f734fffab30556d53af9ce871dae99bf47184ea4362794d4d6945e 204994
libspring-test-java_3.0.6.RELEASE-6+deb7u1_all.deb
2b3e87990b7538ad428dfb56b1c97f06c67c0030a6601140c78223868edf23c4 214106
libspring-transaction-java_3.0.6.RELEASE-6+deb7u1_all.deb
b6fb13dece46d2d0d486202d24ac4dd763094f63c322affca8bdb516d33951e6 358828
libspring-jdbc-java_3.0.6.RELEASE-6+deb7u1_all.deb
3e6d999d422a95b6bd754e05152a6b72e7ef834ce51974a3ca4923320d79ee7f 186862
libspring-jms-java_3.0.6.RELEASE-6+deb7u1_all.deb
fd94c8a15c06ba017b350358b54aacd978f2a83e422304158e84bc9a619890f8 317706
libspring-orm-java_3.0.6.RELEASE-6+deb7u1_all.deb
562f14f95824bb8787f09b82f18e51adb9701e2361e1a3e59601fbd41d81135f 176482
libspring-expression-java_3.0.6.RELEASE-6+deb7u1_all.deb
c45cb10624c4dfb6f4ee6a2f988f8a92395245107af89010e8f5f36b399a0e29 77884
libspring-oxm-java_3.0.6.RELEASE-6+deb7u1_all.deb
5592e4816def127e370111d26c65b53742e76376553eb2a6af8b2b1de4ee0280 29860
libspring-instrument-java_3.0.6.RELEASE-6+deb7u1_all.deb
Files:
df511b8ba286419300e190d1a3e7f29c 4567 java extra
libspring-java_3.0.6.RELEASE-6+deb7u1.dsc
94d0061e56d508cb9f935a6602ac5447 11192531 java extra
libspring-java_3.0.6.RELEASE.orig.tar.gz
44258137fb5c5be6f182d5b6821aa5dd 19505 java extra
libspring-java_3.0.6.RELEASE-6+deb7u1.debian.tar.gz
cfb931344395d2bb25a7b0cf34ee9d1c 364098 java extra
libspring-core-java_3.0.6.RELEASE-6+deb7u1_all.deb
2c3e7db6141a9cf551ad142f5d0bcf68 520022 java extra
libspring-beans-java_3.0.6.RELEASE-6+deb7u1_all.deb
646877c96f44b1a28a50e5fdbe4a5fcd 331176 java extra
libspring-aop-java_3.0.6.RELEASE-6+deb7u1_all.deb
7ec778ee1eda704b8523c98df77a969d 599282 java extra
libspring-context-java_3.0.6.RELEASE-6+deb7u1_all.deb
72acb3f1ccbc2ee431296f8123decfdf 113508 java extra
libspring-context-support-java_3.0.6.RELEASE-6+deb7u1_all.deb
cc8a6bc480b073a45fed1e05dcef6801 371872 java extra
libspring-web-java_3.0.6.RELEASE-6+deb7u1_all.deb
26d15421430d19c559f008f924733f7c 398860 java extra
libspring-web-servlet-java_3.0.6.RELEASE-6+deb7u1_all.deb
d1a72ef9a5b96451f3e21f06042ccc8e 51440 java extra
libspring-web-struts-java_3.0.6.RELEASE-6+deb7u1_all.deb
33e3d54eb8b25e583378080694d62eec 180086 java extra
libspring-web-portlet-java_3.0.6.RELEASE-6+deb7u1_all.deb
4623ee4132caf00ecefdc3578a8f2464 204994 java extra
libspring-test-java_3.0.6.RELEASE-6+deb7u1_all.deb
9a7cff44278220b7205a2669fc45de57 214106 java extra
libspring-transaction-java_3.0.6.RELEASE-6+deb7u1_all.deb
d0ba56977081fdc7a514aedd62aff47e 358828 java extra
libspring-jdbc-java_3.0.6.RELEASE-6+deb7u1_all.deb
e6b22d5227fb05f74ac366987e553e99 186862 java extra
libspring-jms-java_3.0.6.RELEASE-6+deb7u1_all.deb
b84bf7bf2643f030d181704a6c17d561 317706 java extra
libspring-orm-java_3.0.6.RELEASE-6+deb7u1_all.deb
9ea80ff7644332eb38aee4629e1a59c5 176482 java extra
libspring-expression-java_3.0.6.RELEASE-6+deb7u1_all.deb
40ffbd1145969ae79f18e3e81cb6d6f1 77884 java extra
libspring-oxm-java_3.0.6.RELEASE-6+deb7u1_all.deb
259e7e87a5da69e06485e46016f19790 29860 java extra
libspring-instrument-java_3.0.6.RELEASE-6+deb7u1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBAgAGBQJSwcpmAAoJEI8AS/UHtGj7y3oQAJdf6FeBv0mfs2U9524Guyzs
MCF5KfTrLfoXhl84Sar5x/PAPHOiEev1KlZaJOUTpamt/2KW03fTgSUYPhzK2Rhd
0DnWDEmCGIZK9VBFanPJCcR30Uq+eN4yfziQw72wjLItF80yZvPNUyRqOwGKrnEv
P2mpNAT4QYXQ9GmAwIQAYK0AeoFg7DZOYIyoowgwAPLmeDak/MFPP0eP6E+1Ba1L
cy3JoKuh9rtfLZ4D5XfTwTsYW1byGVTCO9ERb4uts2ubIXhbs3zbhYEP0/GwIssQ
H4AQaIQ9UhUX3nrbrmsZcfkdaPO0EGNSqW0p2C5annYE5TwhC9jx1ZeTaofWUxmp
WRdiOD3pzLx1at4XExFr8Dp3fWcgZUTwcdhf3BmnucLHPnzgL6IqVido6byhdejO
I5j9UhGmAWhWzKMAO06UBDThaarKnBpJTnqp40VvVajSYhNlW81ZSeILzZG3VyRE
oK9MH7ssAjdoLAZT2t61fODZTC5KmoGfuSkxYkpBgBD3aep31XQjoguCNBMmKz9i
/S0CnFWtERaZyDlbIn4Ele53IdEeOIrrf2zg3vbpKsdyWvQZQWiptab1m/s2EDWp
llAcI0dr5TPiLQZrkzjGWPmDJ2/+++PILIPmeU9V7ZnBr7fEUCYrzEveygJHoj2B
LOJHb7O2MdaifNdwzV0p
=3iBd
-----END PGP SIGNATURE-----
--- End Message ---
__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
Please use
debian-j...@lists.debian.org for discussions and questions.