Your message dated Sun, 03 Nov 2019 20:44:54 +0000
with message-id <[email protected]>
and subject line Bug#924598: fixed in checkstyle 8.26-1
has caused the Debian Bug report #924598,
regarding checkstyle: CVE-2019-9658: loads external DTDs by default
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
924598: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924598
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: checkstyle
Version: 8.15-1
Severity: important
Tags: security upstream
Hi,

The following vulnerability was published for checkstyle.

CVE-2019-9658[0]:
| Checkstyle before 8.18 loads external DTDs by default.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-9658
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9658
[1] https://github.com/checkstyle/checkstyle/issues/6474
[2] https://github.com/checkstyle/checkstyle/issues/6478
[3] https://github.com/checkstyle/checkstyle/pull/6476

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: checkstyle
Source-Version: 8.26-1
We believe that the bug you reported is fixed in the latest version of
checkstyle, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
tony mancill <[email protected]> (supplier of updated checkstyle package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 03 Nov 2019 11:56:14 -0800
Source: checkstyle
Architecture: source
Version: 8.26-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers <[email protected]>
Changed-By: tony mancill <[email protected]>
Closes: 913216 924598 944065
Changes:
checkstyle (8.26-1) unstable; urgency=medium
.
* Team upload
* New upstream version 8.26 (Closes: #924598)
* Refresh patches
* Add picocli to jars resolved by the wrapper script (Closes: #944065)
* Bump Standards-Version to 4.4.1
* Remove sunmin5 from arguments to find_java_runtime (Closes: #913216)
* Use https URL for debian/copyright Format URI
* Use debhelper 12
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---