maven_3.0.5-4_amd64.changes uploaded successfully to localhost
along with the files:
maven_3.0.5-4.dsc
maven_3.0.5-4.debian.tar.xz
maven_3.0.5-4_all.deb
Greetings,
Your Debian queue daemon (running on host franck.debian.org)
__
This is the maintainer address of Debian's Java team
Hello Emmanuel,
On Tue, 24 Feb 2015, Emmanuel Bourg wrote:
CVE-2011-3923 seems to be a Struts vulnerability, why is it assigned to
Spring?
I asked Salvatore Bonaccorso car...@debian.org to review this since
he confirmed that assignation a while ago... he double checked and
it was a mistake
Thank you for the report Moritz.
According to the Bugzilla report the issue happens when BCrypt.gensalt()
is called with the value 31. jenkins is the only package using this
library and it calls this method with no parameter [1], the default
value being 10 [2].
So I don't think this issue is
Accepted:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Sun, 08 Mar 2015 19:25:12 -0300
Source: maven
Binary: maven
Architecture: source all
Version: 3.0.5-4
Distribution: experimental
Urgency: medium
Maintainer: Debian Java Maintainers
Your message dated Mon, 9 Mar 2015 16:11:29 +
with message-id 1f3cfa9e-e967-484d-9f06-9822dfe6c...@hp.com
and subject line
has caused the Debian Bug report #779112,
regarding libjnr-constants-java, libconstantine-java: error when trying to
install together
to be marked as done.
This means
Package: libjbcrypt-java
Severity: grave
Tags: security
Justification: user security hole
Hi,
please see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0886
http://www.mindrot.org/projects/jBCrypt/news/rel04.html
https://bugzilla.mindrot.org/show_bug.cgi?id=2097
Cheers,
Moritz
6 matches
Mail list logo