Hi,
seems the package is ready for an upload. Any reason why this is not
done? I could sponsor an upload or NMU if this would help.
Kind regards
Andreas.
--
http://fam-tille.de
__
This is the maintainer address of Debian's Java team
Hi,
I've uploaded the two packages to mentors.debian.net.
We must solve the two bugs at the same time because axis uses
commons-httpclient.
Upstream seems End-of-life and rejected the patches.
On Wed, 05-12-2012 at 16:43 +0100, Andreas Tille wrote:
> Hi,
> seems the package is ready for
Hi Alberto,
On Wed, Dec 05, 2012 at 06:01:51PM +0100, Alberto Fernández wrote:
> I've uploaded the two packages to mentors.debian.net.
> We must solve the two bugs at the same time because axis uses
> commons-httpclient.
I guess you mean bug #692442, right?
> Upstream seems End-of-life and
Hi Andreas
I've uploaded both packages to mentors.
commons-httpclient - bug #692442 CVE-2012-5783
axis - bug #692650 CVE-2012-5784
Since axis uses commons-httpclient, we need to fix and upload both
packages.
Upstream has ignored axis patch, and rejected commons-httpclient patch.
Basically, they
Hi All
The upstream patch for CVE-2012-5783 referred to in Red Hat bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=873317#c3
Is the 4.x patch. As you've noted, there is no 3.x patch available and
upstream won't provide one because it is EOL. I think Alberto's patch
looks sane (from a
Hi,
thanks for the additional information. Please note that I uploaded the
NMUed packages yesterday. In case the just one small issue mentioned
by David below is serious above please reopen the bug report to prevent
migration to testing (I also filed unblock request bugs).
Kind regards
Package: tomcat6
Severity: grave
Tags: security
Justification: user security hole
More Tomcat security issues have been disclosed:
http://tomcat.apache.org/security-6.html
The page contains links to the upstream fixes.
BTW, is there a specific reason why both tomcat6 and tomcat7 are present in
Package: tomcat7
Severity: grave
Tags: security
Justification: user security hole
New security issues in Tomcat have been disclosed:
http://tomcat.apache.org/security-7.html
The page contains links to upstream fixes.
Cheers,
Moritz