Your message dated Wed, 05 Dec 2018 18:52:03 +0000
with message-id <[email protected]>
and subject line Bug#908836: fixed in resteasy3.0 3.0.26-1
has caused the Debian Bug report #908836,
regarding resteasy3.0: CVE-2017-7561: Vary header not added by CORS filter
leading to cache poisoning
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
908836: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908836
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: resteasy
Version: 3.1.0-2
Severity: important
Tags: security upstream
Forwarded: https://issues.jboss.org/projects/RESTEASY/issues/RESTEASY-1704
Hi,
the following vulnerability was published for resteasy.
CVE-2017-7561[0]:
Vary header not added by CORS filter leading to cache poisoning
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-7561
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7561
[1] https://issues.jboss.org/projects/RESTEASY/issues/RESTEASY-1704
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: resteasy3.0
Source-Version: 3.0.26-1
We believe that the bug you reported is fixed in the latest version of
resteasy3.0, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Timo Aaltonen <[email protected]> (supplier of updated resteasy3.0 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 05 Dec 2018 19:10:51 +0200
Source: resteasy3.0
Binary: libresteasy3.0-java
Architecture: source
Version: 3.0.26-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers
<[email protected]>
Changed-By: Timo Aaltonen <[email protected]>
Description:
libresteasy3.0-java - RESTEasy 3.0 -- Framework for RESTful Web services and
Java appli
Closes: 908836
Changes:
resteasy3.0 (3.0.26-1) unstable; urgency=medium
.
* New upstream release.
- CVE-2017-7561 (Closes: #908836)
- update maven.rules & ignoreRules
- update libresteasy3.0-java.poms
- drop 01-ignore-tjws.patch and 02-servlet-api-compatibility.patch
- refresh other patches
* Replace build-dep on libtomcat8-java with
libgeronimo-annotation-1.3-spec-java.
* Drop libscannotation-java from build-depends and classpath, it got
removed in 3.0.7.
Checksums-Sha1:
81e283914fea0b66d64b1c42cc5f242a33ad3ca5 2478 resteasy3.0_3.0.26-1.dsc
436481bef27b4ff00b3ec239f44688422af068e1 7667678 resteasy3.0_3.0.26.orig.tar.gz
21791c9cff8dd5aa907c66bde780a992a51ec059 6652
resteasy3.0_3.0.26-1.debian.tar.xz
4b6517fa56d088ae46bcdd184c0b497dae93259b 6064
resteasy3.0_3.0.26-1_source.buildinfo
Checksums-Sha256:
e4b07880ec30ab8f4550d20d8099475d2ec5b693bc6cb9a15b38ebaf087a8f33 2478
resteasy3.0_3.0.26-1.dsc
aef6fedffdfad81dd170b94245de83ab1baa24ebf8a8bf84e562ab4544968afe 7667678
resteasy3.0_3.0.26.orig.tar.gz
f5014d7323d42fe3a709741941cec1ae66209e6dbe4fa17d8e24f867224fd166 6652
resteasy3.0_3.0.26-1.debian.tar.xz
155e6b439b26cba1483b868e0c5902a8402c1ef817c83cf956a15f409c34e8e8 6064
resteasy3.0_3.0.26-1_source.buildinfo
Files:
3e04c98ee68f34d4dbd81e00762606df 2478 java optional resteasy3.0_3.0.26-1.dsc
0a2cd0ae452e35ad5281b6784ac39240 7667678 java optional
resteasy3.0_3.0.26.orig.tar.gz
2d915eb0a8a5d8b3401b840dc0fd064a 6652 java optional
resteasy3.0_3.0.26-1.debian.tar.xz
9952d6778081705b934af5f8b965e60b 6064 java optional
resteasy3.0_3.0.26-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEdS3ifE3rFwGbS2Yjy3AxZaiJhNwFAlwICQMACgkQy3AxZaiJ
hNyySw/9Hqh3Xmrrn4Ko2xHCqqCaMtJNUsbOg5v9coyDfh23Fz7/ARVJv9TELQvS
uu+vYPkK5Bv5mcEOCIr6Uk9bTVDItyHaXaj+EjvTWnprNHLTB+YHTH2WS+/o59zM
nBrBzbShtJqShMnB6TrVOiXoYeOByV1qgtUpNv4P43K9TfaF8MQ1Lz6r3zDmFH9E
Vqk1cwywPgPsqGUDv5VCCjzIPlE3Ck79+CmtU8rwOE5Fhl467w/mcddN/AkZVPiN
CWR7gYB6LbdbD3ekwN67ZN/ztym6hdOf5wBNT308mEO+Q8kEnEoWbllXt97quMae
+UQBKcG9cAM/frKtIgDPg2q6y+ODd7yXRQ69gFMkqTDXuDu0IsTsFf5TFRqU2CzX
t8U808eTeNosyfpRDUvYQCU4JLnHs/RXzLBjXjy97l2RGgyYDxYc31ORlljCD6D2
u5IJeDseFQeZEQPL5uc/12fhWGOi1RxOiT+s6SxzMUzH6qrko6zUdgT92sDrn8TW
wbidWbk+8DoMHyegdXNwdiww/nEgolq87vwtlvPiKVfV9bqTZAxNaecND3LvXl4R
BPcwDDpxh+XJ+WvBqVaFRR7bbMs7Q7iY5LujAS8vDpFCoF15C6pU3nbwZmkvFZBQ
BJzPRi93ytX99VkR42LUlZwkShjE7cClOxw4Vj4sq+GNiVi6Ihc=
=y9YI
-----END PGP SIGNATURE-----
--- End Message ---
__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
Please use
[email protected] for discussions and questions.
