Processing of snappy-java_1.1.1.6-1_amd64.changes
snappy-java_1.1.1.6-1_amd64.changes uploaded successfully to localhost along with the files: snappy-java_1.1.1.6-1.dsc snappy-java_1.1.1.6.orig.tar.xz snappy-java_1.1.1.6-1.debian.tar.xz libsnappy-java_1.1.1.6-1_all.deb libsnappy-jni_1.1.1.6-1_amd64.deb Greetings, Your Debian queue daemon (running on host franck.debian.org) __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
snappy-java_1.1.1.6-1_amd64.changes is NEW
binary:libsnappy-jni is NEW. Your package has been put into the NEW queue, which requires manual action from the ftpteam to process. The upload was otherwise valid (it had a good OpenPGP signature and file hashes are valid), so please be patient. Packages are routinely processed through to the archive, and do feel free to browse the NEW queue[1]. If there is an issue with the upload, you will recieve an email from a member of the ftpteam. If you have any questions, you may reply to this email. [1]: https://ftp-master.debian.org/new.html __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#760733: libspring-java: CVE-2014-0225
Hello Stephen, On Mon, 08 Sep 2014, Stephen Nelson wrote: For what it's worth, CVE-2014-3578 was assigned to a directory traversal vulnerability in libspring-java ( http://www.pivotal.io/security/cve-2014-3578) Thanks for letting us know about this one. I've had a quick look and it might be more difficult to fix given that there hasn't been a specific commit made in a later version of Spring which could be backported. However, I will look into this in more detail and report back to the BTS for this bug. I haven't seen any followup yet. Do you still plan to do the required investigation? This bug is one of Jessie's remaining release critical bugs so it would be nice if there could be some progress. (Of course, packaging a new upstream version can also be considered by release team members if backporting is too much work) Cheers, -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: http://www.freexian.com/services/debian-lts.html Learn to master Debian: http://debian-handbook.info/get/ __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#760733: libspring-java: CVE-2014-0225
On 26 Nov 2014 10:45, Raphael Hertzog hert...@debian.org wrote: Hello Stephen, On Mon, 08 Sep 2014, Stephen Nelson wrote: For what it's worth, CVE-2014-3578 was assigned to a directory traversal vulnerability in libspring-java ( http://www.pivotal.io/security/cve-2014-3578) Thanks for letting us know about this one. I've had a quick look and it might be more difficult to fix given that there hasn't been a specific commit made in a later version of Spring which could be backported. However, I will look into this in more detail and report back to the BTS for this bug. I haven't seen any followup yet. Do you still plan to do the required investigation? This bug is one of Jessie's remaining release critical bugs so it would be nice if there could be some progress. (Of course, packaging a new upstream version can also be considered by release team members if backporting is too much work) I couldn't find any specifics on this vulnerability other than the upstream saying it's not present in their currently supported versions. Therefore it looks like upgrading to 3.2.x would solve the security issue but is quite a lot of work and involves dependencies not yet packaged in Debian. I'm happy to help but ask more experienced Java team members on what's the best course of action here. Cheers Stephen __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#760733: libspring-java: CVE-2014-0225
I've been investigating this issue as well. I contacted an upstream developer and it seems the actual fix for this issue is unknown. The version 3.2.0 was just reported as not vulnerable by the security researched who discovered this issue. I can prepare an upgrade to the latest 3.2.x version but this will at least require libhibernate-validator-java to be unblocked as well. Emmanuel Bourg __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#760733: libspring-java: CVE-2014-0225
On Wed, Nov 26, 2014 at 12:40:37PM +0100, Emmanuel Bourg wrote: I've been investigating this issue as well. I contacted an upstream developer and it seems the actual fix for this issue is unknown. The version 3.2.0 was just reported as not vulnerable by the security researched who discovered this issue. I can prepare an upgrade to the latest 3.2.x version but this will at least require libhibernate-validator-java to be unblocked as well. I didn't look into the specific issue, but Red Hat Bugzilla has references to isolated patches? https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0225 Cheers, Moritz __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#760733: libspring-java: CVE-2014-0225
Le 26/11/2014 12:41, Moritz Muehlenhoff a écrit : I didn't look into the specific issue, but Red Hat Bugzilla has references to isolated patches? https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0225 I don't know why the title of the mail refers to CVE-2014-0225, but the bug #760733 is related to CVE-2014-3578. __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
libspring-java 3.0.6.RELEASE-17 MIGRATED to testing
FYI: The status of the libspring-java source package in Debian's testing distribution has changed. Previous version: 3.0.6.RELEASE-16 Current version: 3.0.6.RELEASE-17 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will receive later changes on the next day. See https://release.debian.org/testing-watch/ for more information. __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
Processing of gradle-propdeps-plugin_0.0.7-1_amd64.changes
gradle-propdeps-plugin_0.0.7-1_amd64.changes uploaded successfully to localhost along with the files: gradle-propdeps-plugin_0.0.7-1.dsc gradle-propdeps-plugin_0.0.7.orig.tar.xz gradle-propdeps-plugin_0.0.7-1.debian.tar.xz gradle-propdeps-plugin_0.0.7-1_all.deb Greetings, Your Debian queue daemon (running on host franck.debian.org) __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
gradle-propdeps-plugin_0.0.7-1_amd64.changes is NEW
binary:gradle-propdeps-plugin is NEW. source:gradle-propdeps-plugin is NEW. Your package has been put into the NEW queue, which requires manual action from the ftpteam to process. The upload was otherwise valid (it had a good OpenPGP signature and file hashes are valid), so please be patient. Packages are routinely processed through to the archive, and do feel free to browse the NEW queue[1]. If there is an issue with the upload, you will recieve an email from a member of the ftpteam. If you have any questions, you may reply to this email. [1]: https://ftp-master.debian.org/new.html __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#763994: eclipse: no java or c++ project available in filenew
Control: tags -1 patch confirmed On Mon, 24 Nov 2014 17:19:23 +0100 Markus Koschany a...@gambaru.de wrote: With new installations I see the same result as mentioned in this bug report. No option for Java or C++ projects. My old installation of eclipse, which has been constantly updated over the past years, does not show any signs of it. I don't know how to debug this issue yet. The bug seems to be similar to #735096. According to the changelog the resolution for this one was: Apparently the patch for #769248 and #770457 fixes this bug here too. The root cause for all of them were the missing files in eclipse-rcp. #763994 is not reproducible on amd64 which makes perfectly sense since all files were properly installed into the amd64 package of eclipse-rcp. However on i386 I can confirm that there are no options for creating Java projects but after I had installed the latest version from Git, this option was available again. I have updated the changelog and closed this bug report too. The changes from the last revision appear acceptable to me, so we should try to get them into Jessie as well. Markus signature.asc Description: OpenPGP digital signature __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
Processed: Re: eclipse: no java or c++ project available in filenew
Processing control commands: tags -1 patch confirmed Bug #763994 [eclipse] eclipse: no java or c++ project available in filenew Added tag(s) confirmed and patch. -- 763994: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=763994 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.