Bug#1001729: apache-log4j2: CVE-2021-45046: Incomplete fix for CVE-2021-44228 in certain non-default configurations

2021-12-14 Thread Markus Koschany
Control: owner -1 ! On Tuesday, 14.12.2021 at 21:37 +0100, Salvatore Bonaccorso wrote: > Source: apache-log4j2 > Version: 2.15.0-1 > Severity: grave > Tags: security upstream > Justification: user security hole > Forwarded: https://issues.apache.org/jira/browse/LOG4J2-3221 > X-Debbugs-Cc:

Bug#1001590: File conflict with older versions

2021-12-12 Thread Markus Koschany
On Sunday, 12.12.2021 at 19:05 +0100, Philipp Marek wrote: > Package: liblog4j2-java > Version: 2.13.3-1 > Severity: normal > X-Debbugs-Cc: phil...@marek.priv.at > > > When installing I get this: (sorry about the German) > >     Entpacken von liblog4j2-java (2.13.3-1) ... >     dpkg:

Bug#1001478: apache-log4j2: CVE-2021-44228:: Remote code injection via crafted log messages

2021-12-11 Thread Markus Koschany
On Saturday, 11.12.2021 at 10:52 -0800, tony mancill wrote: > On Fri, Dec 10, 2021 at 10:42:24PM +0100, Markus Koschany wrote: > > Control: owner -1 ! > > > > I am currently investigating the fix for CVE-2021-44228. > > Hi Markus, > > Thank y

Bug#1001478: apache-log4j2: CVE-2021-44228:: Remote code injection via crafted log messages

2021-12-10 Thread Markus Koschany
Control: owner -1 ! I am currently investigating the fix for CVE-2021-44228. Markus

Re: libowasp-encoder-java_1.2.3-1_amd64.changes REJECTED

2021-11-27 Thread Markus Koschany
Hello, On Saturday, 27.11.2021 at 11:00 +, Thorsten Alteholz wrote: > > Hi Markus, > > please also mention at least Jeremy Long, Jeff Ichnowski and Jim Manico in > your debian/copyright. I feel this could have been handled differently. They are just project contributors under the

Bug#996696: google-http-client-java: please upgrade to version 1.40.1

2021-11-25 Thread Markus Koschany
On Tue, 26 Oct 2021 21:05:57 -0400 Olek Wojnar wrote: > Markus, > > Sorry for the slow reply, it has been an extraordinarily crazy time over > here recently. I'm barely keeping up on emails but I'm hoping that things > quiet down a little in the coming weeks and allow me to catch up. This is >

Bug#998606: gradle: FTBFS: Could not resolve commons-io:commons-io:debian.

2021-11-04 Thread Markus Koschany
On Thursday, 04.11.2021 at 20:54 +0100, Lucas Nussbaum wrote: > Source: gradle > Version: 4.4.1-13 > Severity: serious > Justification: FTBFS > Tags: bookworm sid ftbfs > User: lu...@debian.org > Usertags: ftbfs-20211104 ftbfs-bookworm > > Hi, > > During a rebuild of all packages in sid,

Bug#998238: syncany: FTBFS: Could not resolve commons-io:commons-io:2.4.

2021-11-01 Thread Markus Koschany
On Monday, 01.11.2021 at 07:20 -0700, tony mancill wrote: > On Mon, Nov 01, 2021 at 02:06:32PM +0100, Andreas Beckmann wrote: > > Source: syncany > > Version: 0.4.9~alpha-3 > > Severity: serious > > Tags: ftbfs > > Justification: fails to build from source > > > > Hi, > > > > syncany

Re: libsecondstring-java_0.1-1_amd64.changes REJECTED

2021-10-24 Thread Markus Koschany
Hi Thorsten, On Sunday, 24.10.2021 at 11:00 +, Thorsten Alteholz wrote: > > Hi Markus, > > please also mention Horacio Camacho and his TagLink* files in your > debian/copyright. > > Unfortunately he did not add any license information to his files. > As he is not a contributor to

Bug#996693: google-http-client-java: please upgrade to version 1.40.1

2021-10-22 Thread Markus Koschany
Hi, could you both comment on Debian bugs #996693 and #996696 please? Regards, Markus

Bug#924005: client certificate verification regression with puppetdb

2021-10-18 Thread Markus Koschany
Control: severity -1 normal On Fri, 8 Mar 2019 09:59:14 +0100 "Stefan Bühler" wrote: > Package: jetty9 > Version: 9.4.15-1 > Severity: important > > Hi. > > The update (libjetty9-java and libjetty9-extra-java) to 9.4.15-1 broke > our puppetdb setup; a downgrade to 9.4.14-1

Bug#994440: jetty9 systemd unit too strict for normal use

2021-10-18 Thread Markus Koschany
Hello, thanks for the report. On Thu, 16 Sep 2021 08:17:29 +0200 Martin van Es wrote: > Package: jetty9 > Version: 9.4.16-0+deb10u1 > Severity: important > > On a default jetty9 install, the systemd unit file restricts readwrite > operations to /var/lib/jetty9/ using the systemd ProtectSystem

Bug#996696: google-api-client-java: please drop add_depend.patch

2021-10-17 Thread Markus Koschany
Source: google-api-client-java Version: 1.27.1-1 Severity: important X-Debbugs-Cc: a...@debian.org Hi, google-api-client-java ships the add_depend.patch which sets the scope of three dependencies including google-http-client to scope=provided. This forces other reverse-dependencies of

Bug#996693: google-http-client-java: please upgrade to version 1.40.1

2021-10-17 Thread Markus Koschany
Source: google-http-client-java Version: 1.32.1-1 Severity: normal X-Debbugs-Cc: a...@debian.org Hi, I am working on packaging the openrefine project and google-http-client-java is one of its dependencies. I didn't notice we already ship google-http-client-java in Debian thus I had created my

Bug#985690: sweethome3d: depends on libfreehep-util-java and libfreehep-xml-java

2021-10-04 Thread Markus Koschany
On Mon, 22 Mar 2021 09:57:02 +0200 Andrius Merkys wrote: > Package: sweethome3d > Version: 6.4.2+dfsg-1 > > Hello, > > sweethome3d depends on libfreehep-util-java and libfreehep-xml-java: > > $ sudo apt-get autoremove libfreehep-util-java libfreehep-xml-java > > $ sweethome3d > [warning]

Bug#995205: jsap: does not correctly initialize the security framework of xstream

2021-09-27 Thread Markus Koschany
ncy=medium + + * Non-maintainer upload. + * + + -- Markus Koschany Mon, 27 Sep 2021 22:36:22 +0200 + jsap (2.1-4) unstable; urgency=medium * Setting Salsa VCS paths diff -Nru jsap-2.1/debian/patches/series jsap-2.1/debian/patches/series --- jsap-2.1/debian/patches/series 1970-01-01 01:00:00

Bug#987179: tomcat9: catalina.out created with root owner, then logrotate fails to process it

2021-09-24 Thread Markus Koschany
On Mon, 19 Apr 2021 10:13:50 +0200 Adam Cecile wrote: > Package: tomcat9 > Version: 9.0.43-1 > Severity: important > > Hello, > > I just deployed 9 servers using Debian 11 and I have a rather serious issue > with them. > > root@debian11.server:~# ls -lah /var/log/tomcat9/catalina.out >

Bug#925473: tomcat9: sysvinit script missing

2021-09-21 Thread Markus Koschany
On Tuesday, 21.09.2021 at 16:10 +, Thorsten Glaser wrote: [...] > I have no idea why Emmanuel, the primary maintainer, has been set > so strongly against merging this patch for as long as I promise to > take care of it and deal with any related fallout > (maybe some systemd > fan paid

Re: liblessen-java_1.0-1_amd64.changes REJECTED

2021-08-09 Thread Markus Koschany
Hi, On Monday, 09.08.2021 at 20:10 +, Bastian Blank wrote: > > Hi > > The source does not contain a single license statement or copyright > information. > > Also there seems to be no upstream for it? The project is no longer maintained by the original upstream developer but by the

Bug#991614: apache-directory-server: CVE-2021-33900

2021-08-01 Thread Markus Koschany
On Wed, 28 Jul 2021 17:44:49 +0200 Salvatore Bonaccorso wrote: > Hi, > > The following vulnerability was published for apache-directory-server. > > CVE-2021-33900[0]: Hi Salvatore, are you sure CVE-2021-33900 corresponds to apache-directory-server as well? To me it seems the vulnerability

Bug#991188: jetty9: CVE-2021-34429

2021-07-16 Thread Markus Koschany
Control: owner -1 ! Hi, On Friday, 16.07.2021 at 21:16 +0200, Salvatore Bonaccorso wrote: > Source: jetty9 > Version: 9.4.39-2 > Severity: grave > Tags: security upstream > X-Debbugs-Cc: car...@debian.org, Debian Security Team > > > Hi, > > The following vulnerability was published for

Bug#987896: GUI drawing error due to Dsun.java2d.opengl=true

2021-05-01 Thread Markus Koschany
Control: severity -1 normal Hello, On Sat, 1 May 2021 17:14:57 + (UTC) Alexis PM wrote: > Package: sweethome3d > Version: 6.1.2+dfsg-2 > Severity: grave > Justification: package unusable > > Widespread GUI drawing errors (entire sections of the window appear black when interacting with

Bug#972230: Bug#976477 marked as pending in jruby

2021-04-18 Thread Markus Koschany
Hi, I'm just investigating the current open RC bugs for the debian-java maintained packages. You have marked #976477 and #977979 in jruby as pending. Could you clarify why there hasn't been an upload yet? There also seems to be another RC bug, #972230. Do you have any suggestions how we can

Bug#986008: libpdfbox2-java: CVE-2021-27906

2021-04-05 Thread Markus Koschany
Hi tony, On Sunday, 04.04.2021, 21:05 -0700, tony mancill wrote: > On Sat, Mar 27, 2021 at 07:54:11PM +0100, Salvatore Bonaccorso wrote: > > Source: libpdfbox2-java > > Version: 2.0.22-1 > > Severity: important > > Tags: security upstream > > Forwarded:

Bug#985604: sweethome3d svg export bug

2021-03-22 Thread Markus Koschany
On Monday, 22.03.2021, 07:55 +0200, Andrius Merkys wrote: > Control: severity 985604 important > Control: tags 985604 + confirmed > > Hello, > > On 2021-03-20 18:05, Антон Скрипка wrote: > > When export to SVG: > > > > Java 3D: implicit antialiasing enabled > >

Bug#800983: Reopen bug 800983 and 982001

2021-02-27 Thread Markus Koschany
Control: tags 800983 pending Control: tags 982001 pending On second thought, let's fix this now.

Bug#982001: Reopen bug 800983 and 982001

2021-02-27 Thread Markus Koschany
Control: reopen 800983 982001 I'm reopening bug 800983 and 982001 because they were not properly fixed. I let the current version in unstable migrate to testing and then I fix those remaining issues. Markus

Bug#982580: netty: CVE-2021-21290

2021-02-12 Thread Markus Koschany
Control: owner -1 ! Hi Salvatore, On Friday, 12.02.2021, 07:42 +0100, Salvatore Bonaccorso wrote: > Source: netty > Version: 1:4.1.48-1 > Severity: important > Tags: security upstream > X-Debbugs-Cc: car...@debian.org, Debian Security Team < > t...@security.debian.org> > Control: found -1

Bug#947844: also affected by libservlet3.1-java: 8.5.50-0+deb9u1 breaks upgrades to Buster, fix not in proposed-updates

2021-01-29 Thread Markus Koschany
On Friday, 29.01.2021, 14:25 +0200, Modestas wrote: > The bug is still not fixed as I tried updating LMDE3 to LMDE4 based on debian > 9 to 10. The bug was fixed eight months ago. Without more information, nobody can investigate your problem. Regards, Markus Koschany

Bug#980816: Clarify requirement for safe default typing?

2021-01-22 Thread Markus Koschany
Hi Moritz, On Friday, 22.01.2021, 21:03 +0100, Moritz Muehlenhoff wrote: > Source: jackson-databind > Severity: important > X-Debbugs-Cc: car...@debian.org, a...@debian.org > > Starting with 2.10 (and thus in Bullseye) upstream makes safe default > typing required, the absence is no longer

Bug#976548: This package only builds Arch:all binary packages

2020-12-14 Thread Markus Koschany
Control: severity -1 normal The package is arch:all and builds fine on amd64 but FTBFS on other supported architectures. Apparently one or two arch-dependent tests fail which is the root cause of this failure. I'm downgrading the severity to normal as discussed on the debian-java list. This is

Bug#976915: service-wrapper-java: FTBFS on ppc64el: [exec] wrapper.c:(.text+0x3598): undefined reference to `pow'

2020-12-12 Thread Markus Koschany
On Wed, 9 Dec 2020 09:41:34 +0100 Lucas Nussbaum wrote: > Source: service-wrapper-java > Version: 3.5.30-1 > Severity: serious > Justification: FTBFS on ppc64el > Tags: bullseye sid ftbfs > Usertags: ftbfs-20201209 ftbfs-bullseye ftbfs-ppc64el > > Hi, > > During a rebuild of all packages in

Bug#976948: jnr-unixsocket: FTBFS on ppc64el (arch:all-only src pkg): dh_auto_test: error: /usr/lib/jvm/default-java/bin/java -noverify -cp /usr/share/maven/boot/plexus-classworlds-2.x.jar -Dmaven.hom

2020-12-12 Thread Markus Koschany
Control: severity -1 normal I'm lowering the severity to normal as discussed on the debian-java mailing list. The package builds fine on amd64 but it appears a test fails on ppc64el. Markus

Bug#973125: pdfsam: stackoverflow error when closing the application

2020-11-07 Thread Markus Koschany
Control: forwarded -1 https://github.com/torakiki/pdfsam/issues/431

Bug#973135: Bug#973070: libsis-base-java: FTBFS: Could not delete the directory targets/unit-test-wd/ch.syst

2020-10-29 Thread Markus Koschany
Hi, On 29.10.20 at 15:11, Andreas Tille wrote: Hi, here is a suggested patch for commons-io that would prevent making the test in libsis-base-java fail. It seems this is a six year old unresolved upstream bug. https://issues.apache.org/jira/browse/IO-449 This should be fixed upstream in

Bug#973331: omegat: please upgrade to use at least lucene 5.2.1

2020-10-28 Thread Markus Koschany
Package: omegat Version: 3.6.0.10+dfsg-3 Severity: normal Hi, I intend to remove solr from Debian before we freeze for Debian 11. It would be ideal if we could also remove liblucene3-java and liblucene3-contrib-java which are both built by src:lucene-solr too. Omegat is the only

Bug#973135: plexus-io: FTBFS

2020-10-28 Thread Markus Koschany
I can't reproduce the build failure in SymlinkUtilsTest.java. On my system all tests succeed. This is strange because upstream pushed a commit a few months ago that seems to address a symlink test failure. https://github.com/codehaus-plexus/plexus-io/pull/24 It is related to the maven resource

Bug#973135: Help needed: Bug#973070: libsis-base-java: FTBFS: Could not delete the directory targets/unit-test-wd/ch.systemsx.cisd.base.unix.UnixTests because: 1 exceptions: [java.io.IOException: Unab

2020-10-27 Thread Markus Koschany
Hi, This appears to be caused by the recent upgrade of Apache commons-io to version 2.8.0 (we had 2.6), see also #973135. In version 2.7 they removed a throws IOException in the method isSymlink() https://issues.apache.org/jira/browse/IO-610 Could it be related to this change? It is probably

Bug#973125: pdfsam: stackoverflow error when closing the application

2020-10-27 Thread Markus Koschany
Package: pdfsam Version: 4.1.4-1 Severity: normal When I close pdfsam, there is an unexpected error. It seems to be related to jackson-jr. Exception in Application stop method ERROR 18:33:20.952 org.pdfsam.UncaughtExceptionLogger[main] Unexpected error java.lang.RuntimeException: Exception in

Bug#972993: eclipse-wtp: FTBFS cannot find symbol

2020-10-26 Thread Markus Koschany
Source: eclipse-wtp Version: 3.18-4 Severity: serious Tags: ftbfs X-Debbugs-Cc: eclipse-wtp: FTBFS cannot find symbol Hi, while I was rebuilding reverse-dependencies of jflex, I discovered that eclipse-wtp fails to build from source. The error is unrelated to the new version of jflex.

Re: Bug#972172: Removed package(s) from unstable

2020-10-21 Thread Markus Koschany
Hi, On 21.10.20 at 19:44, Sean Whitton wrote: [...] >> I only requested that the obsolete binary packages got removed from >> unstable because libnb-absolutelayout-java, the only remaining binary >> package, did not migrate to testing. It appears you just removed the >> complete source package

Re: Bug#972172: Removed package(s) from unstable

2020-10-19 Thread Markus Koschany
Hello, On 19.10.20 at 23:33, Debian FTP Masters wrote: > We believe that the bug you reported is now fixed; the following > package(s) have been removed from unstable: > > libnb-absolutelayout-java | 12.1-1 | all > libnb-apisupport3-java | 10.0-3 | all > libnb-ide14-java | 10.0-3 |

Bug#933264: gradle: Nearly 3-year-old version almost useless

2020-10-05 Thread Markus Koschany
Hi, On 05.10.20 at 23:07, Nick Jacobs wrote: > Package: gradle > Version: 4.4.1-12 > Followup-For: Bug #933264 > X-Debbugs-Cc: halbtaxabo-...@yahoo.com > > Dear Maintainer, > > I tried to use gradle to build an application called keenwrite. > Build failed with the error message that the build

Bug#942814: libhibernate-validator-java: update to 5.3.6 breaks reverse-dependencies

2020-09-26 Thread Markus Koschany
On 26.09.20 at 10:27, Emmanuel Bourg wrote: > On 25/09/2020 13:50, Markus Koschany wrote: > >> Why did you upgrade hibernate-validator to version 5.x when >> no other package in Debian requires it? Wouldn't it have been >> simpler to revert the upgrade instea

Bug#942814: libhibernate-validator-java: update to 5.3.6 breaks reverse-dependencies

2020-09-25 Thread Markus Koschany
On 25.09.20 at 08:17, Emmanuel Bourg wrote: [...] > Hi Paul, > > The version 4.x has been packaged separately as > libhibernate-validator4-java. libspring-java has been updated to use it > but not the other reverse dependencies. > > Emmanuel Bourg Hi, pdfsam is the only other

Bug#970346: undertow: should not be part of Debian 11

2020-09-14 Thread Markus Koschany
Source: undertow Severity: normal Tags: security X-Debbugs-Cc: Debian Security Team I believe we should remove undertow from testing again for the same reasons as last time. Although the package is up-to-date no other package in Debian (except syncany in experimental) is currently using it.

Bug#963960: dbus-java-bin: CreateInterface fails with XML parsing errors

2020-06-30 Thread Markus Koschany
Hello, On 29.06.20 at 11:51, Ronny Standtke wrote: > Package: dbus-java-bin > Version: 2.8-9 > Severity: important > > Whatever I try, CreateInterface always fails with XML parsing errors, e.g.: [...] > This package, including its upstream on freedesktop.org, seems to be > completely broken

Bug#928813: libapache2-mod-jk: Jk can not find any configured worker

2020-05-27 Thread Markus Koschany
On 27.05.20 at 21:54, Thorsten Glaser wrote: [...] > Thank you. Please also take care of buster. I will take care of Buster eventually. Markus

Bug#928813: libapache2-mod-jk: Jk can not find any configured worker

2020-05-27 Thread Markus Koschany
On 27.05.20 at 17:28, Thorsten Glaser wrote: [...] > In stretch, an “a2enmod jk” will enable mods-available/jk.conf > and make things work. > > From reading the changelog, you wanted to “Install new httpd-jk.conf > file which follows Apache 2.4 syntax”, but the directory is wrong; > these files

Bug#960692: src:netbeans: Please add support to build against libjson-simple-java >= 3

2020-05-15 Thread Markus Koschany
Hi Gilles, On 15.05.20 at 15:43, Gilles Filippini wrote: > Package: src:netbeans > Version: 10.0-3 > Severity: normal > Tags: patch > > Hi, > > I'd like to transition json-simple 3.1.1 to unstable, but netbeans is a > blocker since it builds against libjson-simple-java << 3 only. [...] As I

Bug#959937: tomcat9: update to tomcat9:amd64 9.0.31-1~deb10u1 breaks application

2020-05-07 Thread Markus Koschany
Control: severity -1 normal On 07.05.20 at 17:58, Michael Meier wrote: [...] > The application doesn't use ajp. > > The sense of using unattended-upgrades and debian stable (no breaking > changes on updates) is not to read each security announcement in before. > > I'm not working in an area,

Bug#959937: tomcat9: update to tomcat9:amd64 9.0.31-1~deb10u1 breaks application

2020-05-07 Thread Markus Koschany
ut note that we ship the latest upstream version basically unmodified, so this would be most likely an upstream bug. Regards, Markus Koschany

Bug#947844: also affected by libservlet3.1-java: 8.5.50-0+deb9u1 breaks upgrades to Buster, fix not in proposed-updates

2020-05-07 Thread Markus Koschany
On 06.05.20 at 17:22, Thomas Arendsen Hein wrote: > * Thomas Arendsen Hein [20200506 17:09]: >> I just encountered this bug, too, when upgrading a machine. > > For others reading here: > Running "apt-get install -f" seems to work to continue the upgrade. The fixed packages are currently in

Bug#959747: tomcat8: Tomcat8 fix for CVE-2020-1938 breaks compatibility with Apache2 mod_proxy_ajp

2020-05-04 Thread Markus Koschany
Control: severity -1 normal Hello, On 04.05.20 at 21:58, Gianluca Bonetti wrote: > Package: tomcat8 > Version: 8.5.54-0+deb9u1 > Severity: grave > > Dear Maintainer, > > Last tomcat8 upgrade, fixing CVE-2020-1938, is breaking the > functionalities of Tomcat AJP connector > in standard setup.

Bug#947844: Same bug!

2020-03-28 Thread Markus Koschany
On 28.03.20 at 17:53, Ronny Buelund wrote: > I have also experienced the exact same bug. Upgrading from a fresh Debian > 9 install. Any chance of getting this fixed ?? I will upload new packages to stable-proposed tomorrow but it may take a few days until they will be accepted.

Bug#949089: libxmlrpc3-java: CVE-2019-17570: deserialization of server-side exception from faultCause in XMLRPC error response

2020-01-17 Thread Markus Koschany
Hi Salvatore, On 17.01.20 at 06:31, Salvatore Bonaccorso wrote: [...] > The patch proposed by Red Hat looks straightforward (with my limited > understanding though), but might have as well potential for regression > reports, as it is disabling deserialization by default, i.e. only uses > it if

Bug#949089: libxmlrpc3-java: CVE-2019-17570: deserialization of server-side exception from faultCause in XMLRPC error response

2020-01-16 Thread Markus Koschany
Hi, On 16.01.20 at 21:27, Salvatore Bonaccorso wrote: > Source: libxmlrpc3-java > Version: 3.1.3-9 > Severity: grave > Tags: security upstream > Justification: user security hole > > Hi, > > The following vulnerability was published for libxmlrpc3-java. > > CVE-2019-17570[0]: > |

Bug#949089: libxmlrpc3-java: CVE-2019-17570: deserialization of server-side exception from faultCause in XMLRPC error response

2020-01-16 Thread Markus Koschany
Control: owner -1 ! More information and proposed patch at https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-17570

Bug#923795: /etc/cron.daily/tomcat7: compresses “live” logfiles

2020-01-15 Thread Markus Koschany
Hello, On 15.01.20 at 18:10, Sylvain Beucler wrote: > Hello Thorsten, > > I'm working on a tomcat7 security-only update, and checking the pending > bugs. > > /etc/cron.daily/tomcat7 uses the "copytruncate" method, which normally > should handle this situation, where it's not possible/wanted to

Bug#948024: undertow: CVE-2019-19343

2020-01-08 Thread Markus Koschany
Hi, On Fri, 03 Jan 2020 13:34:55 +0100 Salvatore Bonaccorso wrote: > Source: undertow > Severity: important > Tags: security upstream > > Hi! > > For undertow, there was CVE-2019-19343 assigned, which refers to > https://bugzilla.redhat.com/show_bug.cgi?id=1780445 only. The provided >

Bug#948235: libhibernate-validator-java: CVE-2019-10219

2020-01-05 Thread Markus Koschany
Package: libhibernate-validator-java X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for libhibernate-validator-java. CVE-2019-10219[0]: | A vulnerability was found in Hibernate-Validator. The SafeHtml | validator

Bug#947844: libservlet3.1-java: 8.5.50-0+deb9u1 breaks upgrades to Buster

2019-12-31 Thread Markus Koschany
Hello, On 31.12.19 at 16:33, Colomban Wendling wrote: [...] > The reason seems to be that files from this package migrated to other > packages in Buster, but at an earlier version than 8.5.50-0+deb9u1 > (looks like the move happened in 8.5.35-3~, according to the Breaks > in the now-broken

Bug#942507: pdfsam: Not working due to multiple errors

2019-10-25 Thread Markus Koschany
Control: severity -1 important I'm downgrading this issue to important because pdfsam in testing is not affected. As long as hibernate-validator 5.x does not migrate to testing, before this bug is fixed in unstable, it should not be a problem

Bug#942814: libhibernate-validator-java: update to 5.3.6 breaks reverse-dependencies

2019-10-21 Thread Markus Koschany
Package: libhibernate-validator-java Version: 5.3.6-1 Severity: serious The update of libhibernate-validator-java to version 5.3.6. broke at least pdfsam (#942507) and libspring-java. The new version is incompatible with libgeronimo-validation-1.0-spec-java and requires

Bug#941530: jackson-databind: CVE-2019-16942 CVE-2019-16943

2019-10-03 Thread Markus Koschany
Control: clone 941530 -1 Control: retitle -1 jackson-databind: consider using a whitelist Control: severity -1 wishlist Hi, On 02.10.19 at 09:43, Salvatore Bonaccorso wrote: [...] > Whilst I'm not yet sure if we should really release a further DSA for > jackson-databind (we will come back to you

Bug#941530: jackson-databind: CVE-2019-16942 CVE-2019-16943

2019-10-01 Thread Markus Koschany
Hi Salvatore, On 01.10.19 at 22:34, Salvatore Bonaccorso wrote: > Source: jackson-databind > Version: 2.10.0-1 > Severity: grave > Tags: security upstream > Justification: user security hole > Forwarded: https://github.com/FasterXML/jackson-databind/issues/2478 > Control: found -1 2.9.8-3 >

Bug#940498: jackson-databind: CVE-2019-14540 CVE-2019-16335

2019-09-29 Thread Markus Koschany
Control: tags -1 pending On Mon, 16 Sep 2019 15:14:37 +0200 Salvatore Bonaccorso wrote: > Source: jackson-databind > Version: 2.9.9.3-1 > Severity: grave > Tags: security upstream > Justification: user security hole [...] > p.s.: wondering where that will going to end ;-) Hi, I also think it

Bug#940557: apache-pom: typo in artifactId apache.

2019-09-17 Thread Markus Koschany
Source: apache-pom Version: 18-1 Severity: normal There is a typo in apache-pom's artifactId. It should be just apache without the dot (apache.) It could be that packages fail to find some of the files. /usr/share/doc/libapache-pom-java/changelog.Debian.gz

Bug#939782: sweethome3d: Crash on draw

2019-09-08 Thread Markus Koschany
Control: retitle -1 nouveau_dri.so: SIGSEGV crashes sweethome3d Control: reassign -1 libgl1-mesa-dri Hello, On 08.09.19 at 20:23, Bardot Jerome wrote: > Package: sweethome3d > Version: 6.2+dfsg-1 > Severity: important > > Dear Maintainer, > > When i try to draw a wall SH3D crash. > > The

Bug#933715: jh_linkjars: dpkg -L "debhelper-compat" returned exit code 1

2019-09-02 Thread Markus Koschany
On 02.09.19 at 20:16, Niels Thykier wrote: > Control: severity -1 important > > On Fri, 02 Aug 2019 14:05:25 +0200 Markus Koschany wrote: >> Package: javahelper >> Version: 0.72.9 >> Severity: serious >> >> >> jh_linkjars apparently chokes

Bug#933854: solr-jetty: Jetty lacks necessary write permissions to /var/lib/solr/data/index/

2019-09-02 Thread Markus Koschany
Control: tags 933857 pending Control: tags 933854 pending On Sun, 1 Sep 2019 19:47:48 -0700 "J.P. Larocque" wrote: > stephan, thanks for tracking this down. I almost figured it out, and > then I found that you already reported this bug. Your other bug > report was also super helpful for me to

Bug#923330: jajuk: Fails to start with Java Runtime Environment 1.7 minimum required. You use a JVM ext.JVM@23fc625e

2019-08-27 Thread Markus Koschany
I pushed more changes to Git. We could fix the NullPointerException in insubstantial but now I get two different errors. Failed to register bus name / null and NoClassDefFoundError: org/slf4j/LoggerFactory I don't know why this class is suddenly missing from the classpath.

Bug#911078: triplea: Fails to start with NullPointerException

2019-08-26 Thread Markus Koschany
Hello, On Wed, 7 Aug 2019 08:36:38 -0700 Dan Van Atta wrote: > Apologies for the long delay, updates to Debian are a deeper issue than I > initially realized. TripleA has had a history of maintenance overhead > problems, seeing the Debian fork has me realize that it is a fork with its > own

Bug#935842: jh_buld: Make java source version configurable

2019-08-26 Thread Markus Koschany
On 27.08.19 at 00:02, darkdragon wrote: > Thanks for your help! > > If I could create an account for the wiki, I had updated it -.- > The Debian development workflow is just so complicated and time > consuming! If you would use github/gitlab, I would send a lot more > patches directly! We

Bug#935849: tutorial: wrong bin link

2019-08-26 Thread Markus Koschany
On 26.08.19 at 23:31, darkdragon wrote: > Thank you so much for your detailed answer! You're welcome! > Adding "jarwrapper" to my runtime dependencies and changing > "debian/salliere.links" to "usr/share/salliere/salliere.jar > usr/bin/salliere.jar" solved my issue. > > Nevertheless, the

Bug#935842: jh_buld: Make java source version configurable

2019-08-26 Thread Markus Koschany
On 26.08.19 at 22:51, darkdragon wrote: > If you would also tell me HOW or even better add this to the tutorial > (https://people.debian.org/~apo/java/tutorial.html), I would be really > happy! Compiling Java source files to a specific release is not Debian specific. Take a look at man javac

Bug#935777: insubstantial: NullPointerException in getDefaultBackgroundColor()

2019-08-26 Thread Markus Koschany
On 26.08.19 at 14:06, mer...@debian.org wrote: > On 2019-08-26 15:03, Markus Koschany wrote: >> Thank you for the patch! I believe this also fixes the runtime errors >> for several other applications, e.g. triplea [1] >> >> [1] https://bugs.debian.org/911078 >

Bug#935777: insubstantial: NullPointerException in getDefaultBackgroundColor()

2019-08-26 Thread Markus Koschany
Hi, On 26.08.19 at 08:17, mer...@debian.org wrote: > Source: insubstantial > Version: 7.3+dfsg3-4 > Control: tags -1 + patch > > Hello, > > When using 'insubstantial' jars at runtime of one of my packaged > projects, I ran into upstream's issue [#56]. A workaround has been > proposed

Bug#933715: jh_linkjars: dpkg -L "debhelper-compat" returned exit code 1

2019-08-02 Thread Markus Koschany
Package: javahelper Version: 0.72.9 Severity: serious jh_linkjars apparently chokes on the new debhelper-compat package. Since it is not a real package dpkg -L does not work. I presume the workaround is to either add debhelper-compat to a blacklist or to find a more general way to not use dpkg

Bug#932604: sweethome3d: Unable to locate /usr/share/icedtea-web/netx.jar in /usr/share/java

2019-07-21 Thread Markus Koschany
Hi, On 21.07.19 at 03:55, Adrien CLERC wrote: > Package: sweethome3d > Version: 6.2+dfsg-1 > Severity: important > > Dear Maintainer, > > I have the following error: > >> env LANG=C sweethome3d > [warning] /usr/bin/sweethome3d: Unable to locate /usr/share/icedtea- > web/netx.jar in

Bug#910764: openjfx: segmentation fault in GtkNativeMainLoopThread with GTK 3

2019-06-30 Thread Markus Koschany
On 30.06.19 at 12:42, Thomas Uhle wrote: > Hello Markus, > > it seems that the bugfix has been backported upstream to OpenJFX 11.0.2 > as well. Please see https://bugs.openjdk.java.net/browse/JDK-8216292 for > further reference. Thanks for the information. I will remove the workaround in PDFsam

Bug#929483: robocode: Class not found program wont start

2019-05-24 Thread Markus Koschany
Control: severity -1 grave On Fri, 24 May 2019 13:45:04 +0200 Bardot Jerome wrote: [...] > Can't find robocode.core-1.x.jar module near to robocode.jar > Class path: /usr/share/java/robocode.jar Thanks for reporting. This is another Java 11 issue. It seems we have to explicitly add some jar

Bug#929266: axis: CVE-2019-0227

2019-05-23 Thread Markus Koschany
Hi, On Mon, 20 May 2019 12:20:31 +0200 Sylvain Beucler wrote: > Package: axis > X-Debbugs-CC: t...@security.debian.org > Tags: security > > Hi, > > The following vulnerability was published for axis. > > CVE-2019-0227[0]: > | A Server Side Request Forgery (SSRF) vulnerability affected the

Bug#929177: jackson-databind: CVE-2019-12086

2019-05-18 Thread Markus Koschany
Package: jackson-databind X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, I will take care of this one myself. The following vulnerability was published for jackson-databind. CVE-2019-12086[0]: | A Polymorphic Typing issue was discovered in FasterXML jackson- |

Bug#925509: netbeans: Netbeans not usable with java in Buster

2019-05-03 Thread Markus Koschany
Hi Jochen, On 03.05.19 at 13:47, Jochen Sprickerhof wrote: [...] > This is due to libnb-javaparser-java which is still on the jdk-9 > version. [...] > So one way would be to get this packaged (maybe rename nb-javac-9-*.jar > to nb-javac-11-*.jar) and convince the release team to include

Bug#925509: netbeans: Netbeans not usable with java in Buster

2019-05-02 Thread Markus Koschany
Hi, On 02.05.19 at 20:56, Jochen Sprickerhof wrote: [...] > I had a look into this and was able to create new projects when I remove the > nb-javac.patch. @Markus do we really need it? The nb-javac patch is necessary, otherwise the nb-javac module is not properly detected at runtime. You should see

Bug#888547: CVE-2017-1000190

2019-04-14 Thread Markus Koschany
Hi, On 13.04.19 at 11:31, Ivo De Decker wrote: [...] > Is it possible to remove the test-dependency (probably by disabling the > tests)? That way simple-xml could be removed from buster. Even if we don't do > this for buster, it might be good to do this for bullseye anyway, if the > package

Bug#916145: closure-compiler: Not working with recent JS code

2019-04-07 Thread Markus Koschany
On 07.04.19 at 20:36, Adrian Bunk wrote: > On Sun, Apr 07, 2019 at 11:12:30AM -0700, tony mancill wrote: >> ... >> Somewhat related, given that closure-compiler upstream releases about >> once a month on average, perhaps it is a candidate for doing Something >> Different. > > That's pretty

Bug#925509: netbeans: Netbeans not usable with java in Buster

2019-04-02 Thread Markus Koschany
Hello Jaroslav, On Mon, 01 Apr 2019 09:03:31 +0200 Jaroslav Tulach wrote: [...] > Hello Markus, > it would be better to have a whole NetBeans log file instead of just the > stack > trace. Then we could see classpath, list of enabled modules and maybe deduce > more. > > Best regards. > -jt

Bug#923759: Update

2019-03-31 Thread Markus Koschany
Hi, On 31.03.19 at 20:59, Dominik Stadler wrote: > I think the current changes do not properly fix this, I created > https://salsa.debian.org/java-team/netlib-java/merge_requests/2 with the > set of changes based on previous patches that I think would make the > classes be built again and also

Bug#925964: activemq: CVE-2019-0222

2019-03-29 Thread Markus Koschany
Package: activemq X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for activemq. CVE-2019-0222[0]: | In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame | can lead to broker Out of Memory exception making it

Bug#925509: netbeans: Netbeans not usable with java in Buster

2019-03-27 Thread Markus Koschany
Control: forcemerge 925509 925510 Control: severity -1 serious On 25.03.19 at 23:26, Wouter Wijsman wrote: [...] > A java.lang.NoSuchMethodError exception has occurred. > Please report this at > https://issues.apache.org/jira/projects/NETBEANS/issues, > including a copy of your messages.log

Bug#923759: One step ahead but compile errors (Was: netlib-java contains nealy empty jar)

2019-03-25 Thread Markus Koschany
version. Cheers, Markus From: Markus Koschany Date: Mon, 25 Mar 2019 14:44:22 +0100 Subject: URLClassLoader --- src/org/netlib/generate/JavaGenerator.java | 14 -- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/src/org/netlib/generate/JavaGenerator.java b/src/org/netlib

Bug#923759: One step ahead but compile errors (Was: netlib-java contains nealy empty jar)

2019-03-25 Thread Markus Koschany
, well explained here: http://java9.wtf/class-loading/ (I love the homepage name) I tried to follow the solution and hope it helps. Regards, Markus From: Markus Koschany Date: Mon, 25 Mar 2019 14:44:22 +0100 Subject: URLClassLoader --- src/org/netlib/generate/JavaGenerator.java | 17

Bug#923330: jajuk: Fails to start with Java Runtime Environment 1.7 minimum required. You use a JVM ext.JVM@23fc625e

2019-03-24 Thread Markus Koschany
Hi, On 24.03.19 at 20:41, Bertrand Florat wrote: > Hi, > > FYI, the develop branch of jajuk works with the revival of substance > (radiance), it works for instance with radiance-substance 2.0.1. > > See https://github.com/kirill-grouchnikov/radiance Thanks for the hint. Unfortunately

Bug#923330: jajuk: Fails to start with Java Runtime Environment 1.7 minimum required. You use a JVM ext.JVM@23fc625e

2019-03-24 Thread Markus Koschany
Hi Andreas, On 24.03.19 at 18:09, Andreas Tille wrote: > Hi Markus, > > you have set this bug pending but the fix seems not to be uploaded until > now. The package would have been removed from testing without my ping > of the bug (which is the only thing I intend to do here. > > Kind regards

Bug#924594: Build-depend on icedtea-netx instead of icedtea-netx-common

2019-03-23 Thread Markus Koschany
On Thu, 14 Mar 2019 19:53:28 +0100 Matthias Klose wrote: > Package: src;sweethome3d > Version: 6.1.2+dfsg-1 > Severity: serious > Tags: sid buster > > Build-depend on icedtea-netx instead of icedtea-netx-common (nbs). > > Patch at >

Bug#924339: javahelper regressed building -doc packages

2019-03-14 Thread Markus Koschany
Control: reassign 924328 javahelper Control: forcemerge 924339 924328 Control: affects 924328 src:android-platform-build Control: retitle 924328 javahelper: jh_build regressed for -doc packages This issue is caused by the fix for #887666 https://bugs.debian.org/887666 It is not related to the

Bug#923364: FTBS: Can't build against bouncy-castle build with newer jdk

2019-03-13 Thread Markus Koschany
Control: severity -1 important On Sat, 2 Mar 2019 15:38:51 +0100 Markus Koschany wrote: [...] > Could you elaborate on why this is a bug in libitext-java and how this > is connected to bouncycastle? Unfortunately you haven't responded to my last email. I can't reproduce this be

Bug#912549: icedtea-web FTBFS with OpenJDK 11

2019-03-13 Thread Markus Koschany
On 13.03.19 at 17:47, Matthias Klose wrote: > On 13.03.19 10:54, Andreas Tille wrote: >> On Tue, Mar 12, 2019 at 11:41:22AM +0100, Andreas Tille wrote: >>> Michael Crusoe has suggested a workaround[1]. What do you think about >>> this? >> >> In case there is no answer to this question I assume
