Your message dated Thu, 12 Feb 2015 09:23:40 +0000 with message-id <e1ylpzo-0003rq...@franck.debian.org> and subject line Bug#777741: fixed in wss4j 1.6.15-2 has caused the Debian Bug report #777741, regarding wss4j: CVE-2015-0226 CVE-2015-0227 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 777741: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777741 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: wss4j Severity: grave Tags: security Justification: user security hole Hi, please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0226 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0227 Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: wss4j Source-Version: 1.6.15-2 We believe that the bug you reported is fixed in the latest version of wss4j, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 777...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Emmanuel Bourg <ebo...@apache.org> (supplier of updated wss4j package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Thu, 12 Feb 2015 09:11:29 +0100 Source: wss4j Binary: libwss4j-java Architecture: source all Version: 1.6.15-2 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Emmanuel Bourg <ebo...@apache.org> Description: libwss4j-java - Apache WSS4J WS-Security implementation Closes: 777741 Changes: wss4j (1.6.15-2) unstable; urgency=medium . * Fixed security issues (Closes: #777741): - CVE-2015-0227: WSS4J is still vulnerable to Bleichenbacher's attack (incomplete fix for CVE-2011-2487) - CVE-2015-0226: WSS4J doesn't correctly enforce the requireSignedEncryptedDataElements property * Standards-Version updated to 3.9.6 (no changes) Checksums-Sha1: 1919d3cd5bf05dba2796069d251f0bd5b7e95b9a 2124 wss4j_1.6.15-2.dsc 6461136db69ddd7e46064fdd750e1c7823ab5fed 9548 wss4j_1.6.15-2.debian.tar.xz cbaf5c5cb4ab1f8015a2912c7791aa0cb5da9cca 342064 libwss4j-java_1.6.15-2_all.deb Checksums-Sha256: c8a93f439e8c2abd7c95ec246906ee0b00f7fc0c390e3565d9fe66606d782eae 2124 wss4j_1.6.15-2.dsc afa2ec0e05322657fe15544fdbea842fccc32f3195b97b2e77566202a513983d 9548 wss4j_1.6.15-2.debian.tar.xz 9c89700350af318e28122623408b8108a923f21edf16dd76cf05bce2bc9e1584 342064 libwss4j-java_1.6.15-2_all.deb Files: fd08438daabc8ebdc12855052c47f2d5 2124 java optional wss4j_1.6.15-2.dsc bda8c06272cb1f22413e8a55619e0901 9548 java optional wss4j_1.6.15-2.debian.tar.xz 82181395bd8f9f68e3a3157c0bb6f81f 342064 java optional libwss4j-java_1.6.15-2_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJU3GrgAAoJEPUTxBnkudCssR8QAISJdMUJjehMXcPjaVaAaAr1 HhHyq6BWoko1xgER1rxo53uVLFTbHFFv3DZea6Mi8j5XihWwXsBiofcyc6hWFl51 ZU2zLuU5oImy+oCZ5AcD1Ej1z4rLJNiDNMr4aBwl271CehULRbVREcVJfHdxeoWS Ra29TXcjUV7M6cnGWaXHOFS8/Y6RGrSFY9FH2zgt8Rs4ubsnnxWQTcXyUNJE/iM0 AjNcgiixv/v2fnT1Fjvj5TTJdSzxsErQ3AlfGWlpBW1MAfPTIKPNmEceQF851ois NktPLPEHMf1yD7a6NjClkOkf0ucF01IDg8tIkQ2I2GlQe7jtvWzLEkkdp/6qxy34 UsrEJQdPMJe+aDW/3Bln2RjnmnM38bl65/TjYhBQ2KSZj+Z6hbZk7KVvLY6ExUEk 9gU1NK8GmWoHLZwduCwfbVxKi2iCsroBj1eSSX0X2JPllsxwFRxUcYynAQoXfrsn NR6sopazpPiV1qTSw4fsUfrcIERRgEw1+1n79UEVPyawsvfVkBd6fVFeStxMnf2y VsKe/az6CJFunbXekz3nGJ+Qv+xPHpGffCRwvncdoKgjqHz9wTna/K9ktDs0pLUg N2D1oU7lq6zvek5JGRX4fk7LySda5hmwj6pshM4LmTJi5lzvbIhZ7sFEtYRMLrag 3ASaDBGKaZenmQnXI8Jl =BAPI -----END PGP SIGNATURE-----
--- End Message ---
__ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
