On Apr/10, Felix Natter wrote:
> Yes and no. On jessie the patch did not cleanly apply, so I would have
> had to apply that change manually. Since removing the import has no
> effect on the semantics of the program (as long as it still compiles),
> I was too lazy. It should be ok.
Let's leave it t
On Jan/27, Markus Koschany wrote:
> I have prepared security updates of jackson-databind for Stretch and
> Jessie and would appreciate another look at the patches.
>
> The fix for CVE-2018-5968 is straightforward. The blacklist is simply
> extended.
>
> However upstream decided to refactor the co
On Mar/28, Markus Koschany wrote:
> apparently logback < 1.2.0 is vulnerable to a deserialization issue.
> They announced it on February 8th 2017 but it appears no CVE has been
> assigned yet. [1] Fixing commit is at [2] The bug reporter claims it is
> the same issue as CVE-2015-6420 but I cannot v
On Apr/15, Markus Koschany wrote:
> I have prepared a patch for CVE-2014-3577 (commons-httpclient). [1] The
> patch is identical to the Jessie / Sid fix. Do you consider this
> vulnerability important enough for a DSA or do you prefer a point
> release update?
Hi Markus,
this issue was marked "no
On Mar/25, tony mancill wrote:
> I have prepared an update for batik [1] in wheezy to address
> CVE-2015-0250. Attached is the debdiff. Please let me know if you
> would like me to upload it.
Hi Tony,
I've reviewed your debdiff and it looks good. Please upload to
security-master-unembargoed, an
notfixed 734821 1.4.7-1
thanks
This bug was actually never in Debian, since it was introduced in 1.4.5
and closed in 1.4.7.
If anyone is interested in verifying this, the following code can be run
against the JARs present at
http://repo.maven.apache.org/maven2/com/thoughtworks/xstream/xstream/:
Hi fellows,
I've been packaging jruby 1.6.7.2, and would like to upload it quite
soon, in hopes of beating the freeze and having a decently recent
version of jruby in wheezy.
I'm attaching to this email the diff between 1.5.6-3's debian/
directory, and mine, the main change being that I've had to
On Apr/30, Rene Engelhard wrote:
> Hi,
>
> On Fri, Apr 13, 2012 at 04:31:31PM +0200, Rene Engelhard wrote:
> > > so I'd like to upload that to unstable (and adapt libreoffice) if it
> > > happens.
> > >
> > > But this problem makes me ask
> > >
> > > Q1) does anyone of your programs using libhs
Hi Alex,
a while ago I transferred maintenance of jruby over to the Debian Java
Maintainers, whom I cc'ed to this email. They'll probably be able to
tell you more...
Cheers,
--Seb
On Sep/12, Alex Young wrote:
> Hi there,
>
> I'm emailing you because your name is on the Debian jruby-1.5.1
> pac
Hi Thomas,
jruby is now being packaged by the Debian Java Maintainers, whose main
goal is to get jruby back into main again.
I'm cc'ing the team to this email, as I'm sure they'll be interested in
working closely with such a responsive upstream ;)
Cheers,
--Seb
On Dec/02, Thomas E Enebo wrote:
10 matches
Mail list logo
