Your message dated Sun, 15 Mar 2015 12:34:03 +0000 with message-id <e1yx7k3-000060...@franck.debian.org> and subject line Bug#779621: fixed in jakarta-taglibs-standard 1.1.2-3 has caused the Debian Bug report #779621, regarding jakarta-taglibs-standard: CVE-2015-0254 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 779621: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779621 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: jakarta-taglibs-standard Severity: important Tags: security Please see http://www.securityfocus.com/archive/1/534772 Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: jakarta-taglibs-standard Source-Version: 1.1.2-3 We believe that the bug you reported is fixed in the latest version of jakarta-taglibs-standard, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 779...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Miguel Landaeta <nomad...@debian.org> (supplier of updated jakarta-taglibs-standard package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 14 Mar 2015 22:46:07 -0300 Source: jakarta-taglibs-standard Binary: libjakarta-taglibs-standard-java libjstl1.1-java Architecture: source all Version: 1.1.2-3 Distribution: unstable Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Miguel Landaeta <nomad...@debian.org> Description: libjakarta-taglibs-standard-java - Implementation of JSP Standard Tag Library (JSTL) libjstl1.1-java - JSP Standard Tag Library API v1.1 Reference Implementation Closes: 779621 Changes: jakarta-taglibs-standard (1.1.2-3) unstable; urgency=high . * Team upload. * Fix CVE-2015-0254 XXE and RCE via XSL extension in JSTL XML tags: - Introduce new patch: d/patches/CVE-2015-0254.patch. - Adjust source and target JVM parameters to 1.5. (Closes: #779621). Checksums-Sha1: 4f0817e13dd9404e87def778fd7b9ea60a826e3d 2333 jakarta-taglibs-standard_1.1.2-3.dsc 41aedb198a8501f0548193d5b515107541313035 17004 jakarta-taglibs-standard_1.1.2-3.debian.tar.xz 4e7d62ae63ac287e4de11136e4554537da72d363 271626 libjakarta-taglibs-standard-java_1.1.2-3_all.deb 893c6aa86966a9c9cff5b371bbf212600357c2ba 17508 libjstl1.1-java_1.1.2-3_all.deb Checksums-Sha256: 620ed003b22b611bde467ac4db1c0d12b0f2a0cf8fddb63b4210a679a549e831 2333 jakarta-taglibs-standard_1.1.2-3.dsc 62c8fbe18ddaeefde400a7ecb083ca2448a5a9358f86f9dc3cd03a3f625ad6cd 17004 jakarta-taglibs-standard_1.1.2-3.debian.tar.xz dae4170286ba9d0c19b3c5b27ff7e38702ab5c63644cbd2bfec0329bba0fa391 271626 libjakarta-taglibs-standard-java_1.1.2-3_all.deb 8374bf0251b5d5b5ceea02e196bdd1012c86c0cc29459e361360f305cb24737a 17508 libjstl1.1-java_1.1.2-3_all.deb Files: 829175342e399870c7bc458bfa68ef06 2333 java optional jakarta-taglibs-standard_1.1.2-3.dsc 563b1a8b7cf5773a1972ad05832037f6 17004 java optional jakarta-taglibs-standard_1.1.2-3.debian.tar.xz 3f06a9b3a015075d933064236a438f6c 271626 java optional libjakarta-taglibs-standard-java_1.1.2-3_all.deb b039585156f95efc7ac7eada54157955 17508 java optional libjstl1.1-java_1.1.2-3_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJVBO3nAAoJEGIODQuJV82l81sQAIF1eK4BoB1o47zzAt4cIDiP qMwokgor+kUdEOZ57Wfe7kvfKcnEB2awcUcItASb860sItSaf/WEvBd8qZ9rDVw/ kEYfvvnbfNELzzPqfG4PCKokF2X3XX6FinZOZgB9rhPM953KONwxT151l7rJmI94 j2OoRU0YTqZNjuFjR93/et/kaATeSnQUVhw/GdGs2vV5Duf5zRPD6KqhA3y3r4+i PVNlZ+sJVUqxBDb8HHCrl0fjP/YyqPeXShKeItfy28ZhEthpDvbNpIt1p7NA8pRx QAGvCKk4rSao+5I02ZiyVD+A69l5GbUx2D51mPAgFqWdqRkUR5DfRrrKMqVnmD8L jrVRr6cdO1/8nMhWAUFAQtdE5FLVI3/N4IX/4WLo2QYbWvr1kEGwhUn/Pn2DxjGf oxEoDFeWj0fMU7JCbGVUsDd4uFAMLFvMB9CN1mwEO22cDpWpq+gMUL2j9D4V3Fgr d/BQqheo8hx6TSOiLugslmFZTOvFszERe2OzxhupICxEv8XN6KmoxoQkLJGCSEsZ AoNhPQrzT7QkFFD3HsLkZIeEDPuZt63N58lHMLf4cOODCJsoddzpFwmfepXwvtFt ea4gyr0Mn8+6z+SfvvunQeTWdd9lyjslus8oRkPIoz4dYE4fLnv8d9HFaz6Tjixc Tq8YS7EjpN1uK5hhIUNb =rEKC -----END PGP SIGNATURE-----
--- End Message ---
__ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
