jssc: status change on tests.reproducible-builds.org/debian

[Reproducible builds folks]

2020-03-19 10:25 
https://tests.reproducible-builds.org/debian/unstable/amd64/jssc changed from 
FTBR -> reproducible

__
This is the maintainer address of Debian's Java team
.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#954303: tika: CVE-2020-1950

[Salvatore Bonaccorso]

Source: tika
Version: 1.22-1
Severity: grave
Tags: security upstream
Justification: user security hole
Control: found -1  1.20-1

Hi,

The following vulnerability was published for tika.

CVE-2020-1950[0]:
Excessive memory usage (DoS) vulnerability in Apache Tika's PSDParser

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-1950
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1950
[1] https://www.openwall.com/lists/oss-security/2020/03/18/3

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.4.0-4-amd64 (SMP w/2 CPU cores)
Kernel taint flags: TAINT_WARN
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

__
This is the maintainer address of Debian's Java team
.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Processed: tika: CVE-2020-1951

[Debian Bug Tracking System]

Processing control commands:

> found -1 1.20-1
Bug #954302 [src:tika] tika: CVE-2020-1951
Marked as found in versions tika/1.20-1.

-- 
954302: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954302
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#954302: tika: CVE-2020-1951

[Salvatore Bonaccorso]

Source: tika
Version: 1.22-1
Severity: grave
Tags: security upstream
Justification: user security hole
Control: found -1 1.20-1

Hi,

The following vulnerability was published for tika.

CVE-2020-1951[0]:
Infinite Loop (DoS) vulnerability in Apache Tika's PSDParser

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-1951
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1951
[1] https://www.openwall.com/lists/oss-security/2020/03/18/4

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

__
This is the maintainer address of Debian's Java team
.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Processed: tika: CVE-2020-1950

[Debian Bug Tracking System]

Processing control commands:

> found -1  1.20-1
Bug #954303 [src:tika] tika: CVE-2020-1950
Marked as found in versions tika/1.20-1.

-- 
954303: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954303
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
.
 Please use
debian-j...@lists.debian.org for discussions and questions.

jython_2.7.2~rc1+repack1-2_source.changes ACCEPTED into unstable

[Debian FTP Masters]

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 19 Mar 2020 20:53:33 +0100
Source: jython
Architecture: source
Version: 2.7.2~rc1+repack1-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Gilles Filippini 
Changes:
 jython (2.7.2~rc1+repack1-2) unstable; urgency=medium
 .
   * Embed the modules into the jar
Checksums-Sha1:
 206b11a087d47d0bc819b9858d5af3eb74b2d569 2233 jython_2.7.2~rc1+repack1-2.dsc
 2aabe174b22600f3b13d459c9ec9de9e804ba7ed 21000 
jython_2.7.2~rc1+repack1-2.debian.tar.xz
 1be1c602e348025e4beee35361a34ab3c3a404e1 12358 
jython_2.7.2~rc1+repack1-2_amd64.buildinfo
Checksums-Sha256:
 f02e26784cd94d4bdd8aa33a0807551fb7a4d2e9010ae37f7d71091b5c3fdc5e 2233 
jython_2.7.2~rc1+repack1-2.dsc
 230af145b2de9d2446426feb7963fcf0c9f82452e772df3aa777a43c19fbd97d 21000 
jython_2.7.2~rc1+repack1-2.debian.tar.xz
 cd0dc7f5b6b41c7bb56d2b47a079064e286a8413ca03275c6e378dcbab446112 12358 
jython_2.7.2~rc1+repack1-2_amd64.buildinfo
Files:
 7216af2b77c31085dc193366a42906ae 2233 python optional 
jython_2.7.2~rc1+repack1-2.dsc
 771fda85c3cd3e5fc4c66a7dfa8adf21 21000 python optional 
jython_2.7.2~rc1+repack1-2.debian.tar.xz
 afc73cc6e6c5d260f233c48daaa606da 12358 python optional 
jython_2.7.2~rc1+repack1-2_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQFEBAEBCgAuFiEEoJObzArDE05WtIyR7+hsbH/+z4MFAl5zz00QHHBpbmlAZGVi
aWFuLm9yZwAKCRDv6Gxsf/7Pg19CB/9uTN6h+heoFyQII05mkcKkJ5+1V6pM9fHT
0z6khS/AGMkoPKTuQssvTOIaqv/sHLN45lOnS3epOS4rqh/xW5HmY3QL7DigtPDk
WkHJ/uqZyj6VmKNzyLjpJ4k6654aNGgmqdXINrqdhIoa4sk4pRNYOnAFhix7m3j4
eZDEXJCaVIRm7IyVz3FMO4tYb7Yny4FFcbgFQYNAB6eAYJZjln6cWCFdX1CDFfdX
6ew87dezkg9P9vdSl8jGN58YAn0MVjg59vZogADpeKMkkZ8rbjrO9UR/J6mUU8C6
tAhAXVH06vtmp0KhfIqEk1uMa5SUxjfRb9s+2dbf6lNmDU2U9rLi
=0AyL
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

__
This is the maintainer address of Debian's Java team
.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Processing of jython_2.7.2~rc1+repack1-2_source.changes

[Debian FTP Masters]

jython_2.7.2~rc1+repack1-2_source.changes uploaded successfully to localhost
along with the files:
  jython_2.7.2~rc1+repack1-2.dsc
  jython_2.7.2~rc1+repack1-2.debian.tar.xz
  jython_2.7.2~rc1+repack1-2_amd64.buildinfo

Greetings,

Your Debian queue daemon (running on host usper.debian.org)

__
This is the maintainer address of Debian's Java team
.
 Please use
debian-j...@lists.debian.org for discussions and questions.