Bug#1057315: tiles: CVE-2023-49735

Source: tiles Version: 3.0.7-5 Severity: important Tags: security upstream X-Debbugs-Cc: a...@debian.org, ebo...@apache.org, car...@debian.org, Debian Security Team Hi, The following vulnerability was published for tiles. CVE-2023-49735[0]: | ** UNSUPPORTED WHEN ASSIGNED ** The value set as t

Processed: Bug#800986 marked as pending in libowasp-antisamy-java

Processing control commands: > tag -1 pending Bug #800986 [libowasp-antisamy-java] libowasp-antisamy-java: depends on obsolete libcommons-httpclient-java library Added tag(s) pending. -- 800986: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800986 Debian Bug Tracking System Contact ow...@bu

Processing of libowasp-antisamy-java_1.7.4-1_source.changes

libowasp-antisamy-java_1.7.4-1_source.changes uploaded successfully to localhost along with the files: libowasp-antisamy-java_1.7.4-1.dsc libowasp-antisamy-java_1.7.4.orig.tar.gz libowasp-antisamy-java_1.7.4-1.debian.tar.xz libowasp-antisamy-java_1.7.4-1_amd64.buildinfo Greetings,

libowasp-antisamy-java_1.7.4-1_source.changes ACCEPTED into unstable

Thank you for your contribution to Debian. Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 03 Dec 2023 11:32:40 +0100 Source: libowasp-antisamy-java Architecture: source Version: 1.7.4-1 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers

Bug#1010154: marked as done (libowasp-antisamy-java: CVE-2022-28366 + CVE-2022-28367)

Your message dated Sun, 03 Dec 2023 11:12:26 + with message-id and subject line Bug#1010154: fixed in libowasp-antisamy-java 1.7.4-1 has caused the Debian Bug report #1010154, regarding libowasp-antisamy-java: CVE-2022-28366 + CVE-2022-28367 to be marked as done. This means that you claim tha

Bug#1014981: marked as done (libowasp-antisamy-java: CVE-2016-10006 CVE-2017-14735 CVE-2021-35043)

Your message dated Sun, 03 Dec 2023 11:12:26 + with message-id and subject line Bug#1014981: fixed in libowasp-antisamy-java 1.7.4-1 has caused the Debian Bug report #1014981, regarding libowasp-antisamy-java: CVE-2016-10006 CVE-2017-14735 CVE-2021-35043 to be marked as done. This means that

Bug#1054164: marked as done (libowasp-antisamy-java: CVE-2023-43643)

Your message dated Sun, 03 Dec 2023 11:12:26 + with message-id and subject line Bug#1054164: fixed in libowasp-antisamy-java 1.7.4-1 has caused the Debian Bug report #1054164, regarding libowasp-antisamy-java: CVE-2023-43643 to be marked as done. This means that you claim that the problem has

Bug#800986: marked as done (libowasp-antisamy-java: depends on obsolete libcommons-httpclient-java library)

Your message dated Sun, 03 Dec 2023 11:12:26 + with message-id and subject line Bug#800986: fixed in libowasp-antisamy-java 1.7.4-1 has caused the Debian Bug report #800986, regarding libowasp-antisamy-java: depends on obsolete libcommons-httpclient-java library to be marked as done. This me

Processing of openrefine_3.7.7-1_source.changes

openrefine_3.7.7-1_source.changes uploaded successfully to localhost along with the files: openrefine_3.7.7-1.dsc openrefine_3.7.7.orig.tar.xz openrefine_3.7.7-1.debian.tar.xz openrefine_3.7.7-1_amd64.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org)

Processing of ca-certificates-java_20230710~deb12u1_source.changes

ca-certificates-java_20230710~deb12u1_source.changes uploaded successfully to localhost along with the files: ca-certificates-java_20230710~deb12u1.dsc ca-certificates-java_20230710~deb12u1.tar.xz ca-certificates-java_20230710~deb12u1_source.buildinfo Greetings, Your Debian queue d

ca-certificates-java_20230710~deb12u1_source.changes ACCEPTED into proposed-updates->stable-new

Thank you for your contribution to Debian. Mapping bookworm to stable. Mapping stable to proposed-updates. Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sun, 03 Dec 2023 13:04:00 +0100 Source: ca-certificates-java Architecture: source Version: 20230710~deb12u1 Dist

openrefine_3.7.7-1_source.changes ACCEPTED into unstable

Thank you for your contribution to Debian. Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 03 Dec 2023 11:51:18 +0100 Source: openrefine Architecture: source Version: 3.7.7-1 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers Changed-B

Processing of tomcat10_10.1.16-1_source.changes

tomcat10_10.1.16-1_source.changes uploaded successfully to localhost along with the files: tomcat10_10.1.16-1.dsc tomcat10_10.1.16.orig.tar.xz tomcat10_10.1.16-1.debian.tar.xz tomcat10_10.1.16-1_amd64.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org)

Bug#1057324: jcsp: Upgrade to 1.1.10

Source: jcsp Version: 1.1-rc4-2.1 Severity: wishlist I'm filing this mostly as help for the next maintainer (maybe myself in the future). Upstream migrated to Github: https://github.com/CSPforJAVA/jcsp 1.1.10 release should be compatible with what is in the archive, however upstream switched th

Processing of jcsp_1.1-rc4-3_source.changes

jcsp_1.1-rc4-3_source.changes uploaded successfully to localhost along with the files: jcsp_1.1-rc4-3.dsc jcsp_1.1-rc4-3.debian.tar.xz jcsp_1.1-rc4-3_source.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org) __ This is the maintainer address of Debian'

tomcat10_10.1.16-1_source.changes ACCEPTED into unstable

Thank you for your contribution to Debian. Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 03 Dec 2023 13:31:22 +0100 Source: tomcat10 Architecture: source Version: 10.1.16-1 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers Changed-B

Bug#1057082: marked as done (tomcat10: CVE-2023-46589)

Your message dated Sun, 03 Dec 2023 13:14:00 + with message-id and subject line Bug#1057082: fixed in tomcat10 10.1.16-1 has caused the Debian Bug report #1057082, regarding tomcat10: CVE-2023-46589 to be marked as done. This means that you claim that the problem has been dealt with. If this

jcsp_1.1-rc4-3_source.changes ACCEPTED into unstable

Thank you for your contribution to Debian. Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 02 Dec 2023 22:46:43 + Source: jcsp Architecture: source Version: 1.1-rc4-3 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers Changed-By: M

Bug#1057315: tiles: CVE-2023-49735

Salvatore Bonaccorso wrote: > If you fix the vulnerability please also make sure to include the > CVE (Common Vulnerabilities & Exposures) id in your changelog entry. > > The project is dead-upstream TTBOMK, so not sure if/what we can do at > all for this issue. Removal seems not possible as per:

Bug#1057315: tiles: CVE-2023-49735

Am Sonntag, dem 03.12.2023 um 15:10 +0100 schrieb Moritz Muehlenhoff: > > But maybe we can set it as "no-dsa", is it only used as build > > dependency for libspring-java and not sensible outside? > > Spring is already marked as unsupported, so we can simply extend that. +1 This is sensible in thi

Bug#1057047: tomcat10-common: Tomcat 10 helper script doesn't look for temurin based jdk installs

On Tue, 28 Nov 2023 17:59:18 +0100 Joan wrote: > Package: tomcat10-common > Version: 10.1.15-1 > Severity: normal > X-Debbugs-Cc: aseq...@gmail.com > > Dear Maintainer, > >    * What led up to the situation? > I am trying to use debian's tomcat 10 with java 21, since it's not present on debian I

ca-certificates-java_20230710~deb12u1_source.changes ACCEPTED into proposed-updates

Thank you for your contribution to Debian. Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sun, 03 Dec 2023 13:04:00 +0100 Source: ca-certificates-java Architecture: source Version: 20230710~deb12u1 Distribution: bookworm Urgency: medium Maintainer: Debian Java Main

Bug#1041419: marked as done (ca-certificates-java: circular dependencies)

Your message dated Sun, 03 Dec 2023 17:02:09 + with message-id and subject line Bug#1041419: fixed in ca-certificates-java 20230710~deb12u1 has caused the Debian Bug report #1041419, regarding ca-certificates-java: circular dependencies to be marked as done. This means that you claim that the

Bug#1037478: marked as done (ca-certificates-java: Loop in the execution of the trigger)

Your message dated Sun, 03 Dec 2023 17:02:09 + with message-id and subject line Bug#1037478: fixed in ca-certificates-java 20230710~deb12u1 has caused the Debian Bug report #1037478, regarding ca-certificates-java: Loop in the execution of the trigger to be marked as done. This means that you

Processing of jnr-ffi_2.2.15-1_source.changes

jnr-ffi_2.2.15-1_source.changes uploaded successfully to localhost along with the files: jnr-ffi_2.2.15-1.dsc jnr-ffi_2.2.15.orig.tar.gz jnr-ffi_2.2.15-1.debian.tar.xz jnr-ffi_2.2.15-1_source.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org) __ This

jnr-ffi_2.2.15-1_source.changes ACCEPTED into unstable

Thank you for your contribution to Debian. Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 03 Dec 2023 15:53:36 + Source: jnr-ffi Architecture: source Version: 2.2.15-1 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers Changed-By:

Processing of jnr-ffi_2.2.15-2_source.changes

jnr-ffi_2.2.15-2_source.changes uploaded successfully to localhost along with the files: jnr-ffi_2.2.15-2.dsc jnr-ffi_2.2.15-2.debian.tar.xz jnr-ffi_2.2.15-2_source.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org) __ This is the maintainer address of

Processing of jnr-unixsocket_0.38.21-2_source.changes

jnr-unixsocket_0.38.21-2_source.changes uploaded successfully to localhost along with the files: jnr-unixsocket_0.38.21-2.dsc jnr-unixsocket_0.38.21-2.debian.tar.xz jnr-unixsocket_0.38.21-2_source.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org) __ T

Bug#1057315: tiles: CVE-2023-49735

Control: clone -1 -2 -3 Control: retitle -2 tiles: Add README.Debian.security to document support status Control: reassign -3 src:debian-security-support Control: retitle -3 Mark tiles as only supported for building applications shipped in Debian Hi, On Sun, Dec 03, 2023 at 03:35:31PM +0100, Ma

Processed: Re: Bug#1057315: tiles: CVE-2023-49735

Processing control commands: > clone -1 -2 -3 Bug #1057315 [src:tiles] tiles: CVE-2023-49735 Bug 1057315 cloned as bugs 1057342-1057343 > retitle -2 tiles: Add README.Debian.security to document support status Bug #1057342 [src:tiles] tiles: CVE-2023-49735 Changed Bug title to 'tiles: Add README.D

jnr-ffi_2.2.15-2_source.changes ACCEPTED into unstable

Thank you for your contribution to Debian. Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 03 Dec 2023 19:38:57 + Source: jnr-ffi Architecture: source Version: 2.2.15-2 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers Changed-By:

jnr-unixsocket_0.38.21-2_source.changes ACCEPTED into unstable

Thank you for your contribution to Debian. Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 03 Dec 2023 12:37:33 + Source: jnr-unixsocket Architecture: source Version: 0.38.21-2 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers Cha

Bug#1057348: src:takari-polyglot-maven: fails to migrate to testing for too long: unresolved RC bug and B-D not ready to migrate

Source: takari-polyglot-maven Version: 0.4.11-1 Severity: serious Control: close -1 0.4.11-2 Tags: sid trixie User: release.debian@packages.debian.org Usertags: out-of-sync Dear maintainer(s), The Release Team considers packages that are out-of-sync between testing and unstable for more tha

Processed: src:takari-polyglot-maven: fails to migrate to testing for too long: unresolved RC bug and B-D not ready to migrate

Processing control commands: > close -1 0.4.11-2 Bug #1057348 [src:takari-polyglot-maven] src:takari-polyglot-maven: fails to migrate to testing for too long: unresolved RC bug and B-D not ready to migrate Marked as fixed in versions takari-polyglot-maven/0.4.11-2. Bug #1057348 [src:takari-polygl

Bug#1053079: slashtime: FTBFS with default Java 21

Dear Maintainers, Would it be possible to consider a merge request[1] that addresses this issue? Best Regards, Vladimir. [1] https://salsa.debian.org/java-team/slashtime/-/merge_requests/1 __ This is the maintainer address of Debian's Java team

headius-options 1.7-1 MIGRATED to testing

FYI: The status of the headius-options source package in Debian's testing distribution has changed. Previous version: 1.4-2 Current version: 1.7-1 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will rec

libapfloat-java 1.12.0-1 MIGRATED to testing

FYI: The status of the libapfloat-java source package in Debian's testing distribution has changed. Previous version: 1.11.0-1 Current version: 1.12.0-1 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you wi

jitescript 0.4.3-1 MIGRATED to testing

FYI: The status of the jitescript source package in Debian's testing distribution has changed. Previous version: 0.4.1-3 Current version: 0.4.3-1 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will rece

xerial-sqlite-jdbc 3.44.1.0+dfsg-1 MIGRATED to testing

FYI: The status of the xerial-sqlite-jdbc source package in Debian's testing distribution has changed. Previous version: 3.42.0.0+dfsg-1 Current version: 3.44.1.0+dfsg-1 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple t

Processing of copy-rename-maven-plugin_2.0.0-1_source.changes

copy-rename-maven-plugin_2.0.0-1_source.changes uploaded successfully to localhost along with the files: copy-rename-maven-plugin_2.0.0-1.dsc copy-rename-maven-plugin_2.0.0.orig.tar.gz copy-rename-maven-plugin_2.0.0-1.debian.tar.xz copy-rename-maven-plugin_2.0.0-1_amd64.buildinfo Greeting

Bug#1053086: Additional information

Dear Maintainers, Would it be possible to consider a merge request[1] that addresses this issue? Note: I would like to upgrade WEKA to the latest stable, but it will require some effort due to the dependencies. Best Regards, Vladimir. [1] https://salsa.debian.org/java-team/weka/-/merge_re

copy-rename-maven-plugin_2.0.0-1_source.changes REJECTED

Version check failed: Your upload included the source package copy-rename-maven-plugin, version 2.0.0-1, however unstable already has version 2.0.0-1. Uploads to unstable must have a higher version than present in unstable. === Please feel free to respond to this email if you don't understa

Processed: Bug#1047353 marked as pending in jdeb

Processing control commands: > tag -1 pending Bug #1047353 [src:jdeb] jdeb: Fails to build source after successful build Added tag(s) pending. -- 1047353: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1047353 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is

Processing of jdeb_1.10-1_source.changes

jdeb_1.10-1_source.changes uploaded successfully to localhost along with the files: jdeb_1.10-1.dsc jdeb_1.10.orig.tar.xz jdeb_1.10-1.debian.tar.xz jdeb_1.10-1_amd64.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org) __ This is the maintainer address

jdeb_1.10-1_source.changes ACCEPTED into unstable

Thank you for your contribution to Debian. Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 03 Dec 2023 21:59:59 -0800 Source: jdeb Architecture: source Version: 1.10-1 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers Changed-By: tony

Bug#1047353: marked as done (jdeb: Fails to build source after successful build)

Your message dated Mon, 04 Dec 2023 06:34:31 + with message-id and subject line Bug#1047353: fixed in jdeb 1.10-1 has caused the Debian Bug report #1047353, regarding jdeb: Fails to build source after successful build to be marked as done. This means that you claim that the problem has been d

Bug#1057168: marked as done (jdeb: FTBFS with bouncycastle 1.77)

Your message dated Mon, 04 Dec 2023 06:34:31 + with message-id and subject line Bug#1057168: fixed in jdeb 1.10-1 has caused the Debian Bug report #1057168, regarding jdeb: FTBFS with bouncycastle 1.77 to be marked as done. This means that you claim that the problem has been dealt with. If th

Processing of slashtime_0.5.13-3_source.changes

slashtime_0.5.13-3_source.changes uploaded successfully to localhost along with the files: slashtime_0.5.13-3.dsc slashtime_0.5.13-3.debian.tar.xz slashtime_0.5.13-3_amd64.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org) __ This is the maintainer add

slashtime_0.5.13-3_source.changes ACCEPTED into unstable

Thank you for your contribution to Debian. Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 03 Dec 2023 21:27:51 -0800 Source: slashtime Architecture: source Version: 0.5.13-3 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers Changed-B

Bug#1053079: marked as done (slashtime: FTBFS with OpenJDK 21 due to unsupported javac source/target level 7)

Your message dated Mon, 04 Dec 2023 06:49:38 + with message-id and subject line Bug#1053079: fixed in slashtime 0.5.13-3 has caused the Debian Bug report #1053079, regarding slashtime: FTBFS with OpenJDK 21 due to unsupported javac source/target level 7 to be marked as done. This means that

Processed: Bug#1046193 marked as pending in weka

Processing control commands: > tag -1 pending Bug #1046193 [src:weka] weka: Fails to build source after successful build Added tag(s) pending. -- 1046193: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1046193 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is

Processing of weka_3.6.14-4_source.changes

weka_3.6.14-4_source.changes uploaded successfully to localhost along with the files: weka_3.6.14-4.dsc weka_3.6.14-4.debian.tar.xz weka_3.6.14-4_amd64.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org) __ This is the maintainer address of Debian's Jav

weka_3.6.14-4_source.changes ACCEPTED into unstable

Thank you for your contribution to Debian. Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 03 Dec 2023 23:16:40 -0800 Source: weka Architecture: source Version: 3.6.14-4 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers Changed-By: to

Bug#1053086: marked as done (weka: FTBFS with default Java 21)

Your message dated Mon, 04 Dec 2023 07:49:36 + with message-id and subject line Bug#1053086: fixed in weka 3.6.14-4 has caused the Debian Bug report #1053086, regarding weka: FTBFS with default Java 21 to be marked as done. This means that you claim that the problem has been dealt with. If th

Bug#1046193: marked as done (weka: Fails to build source after successful build)

Your message dated Mon, 04 Dec 2023 07:49:36 + with message-id and subject line Bug#1046193: fixed in weka 3.6.14-4 has caused the Debian Bug report #1046193, regarding weka: Fails to build source after successful build to be marked as done. This means that you claim that the problem has been