Your message dated Sun, 03 Dec 2023 11:12:26 +0000
with message-id <[email protected]>
and subject line Bug#800986: fixed in libowasp-antisamy-java 1.7.4-1
has caused the Debian Bug report #800986,
regarding libowasp-antisamy-java: depends on obsolete
libcommons-httpclient-java library
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
800986: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800986
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libowasp-antisamy-java
Severity: normal
User: [email protected]
Usertags: oldlibs libcommons-httpclient-java
Hi,
libowasp-antisamy-java depends on libcommons-httpclient-java, which is obsolete
and was
replaced by libhttpclient-java. It has reached EOL status in 2011! It is no
longer supported upstream [1] and was affected by multiple security issues in
the recent past. libowasp-antisamy-java should be ported to the new
libhttpclient-java
version, so that we can remove the old, unmaintained one. Please forward this
issue upstream, if you can't migrate the package yourself.
We would like to see libcommons-httpclient-java removed during the Stretch
release cycle but due to the large number of reverse-dependencies the outcome
depends more than ever on your help.
Please help us to accomplish this goal. We will bump this issue to important
when the list of rdeps is getting smaller and we think that the removal is
possible. We will eventually raise the severity to serious when the number
of rdeps is small.
If you have any questions don't hesitate to ask and contact us on
[email protected]
Regards,
Markus
[1] https://hc.apache.org/httpclient-3.x/
[2]
https://security-tracker.debian.org/tracker/source-package/commons-httpclient
--- End Message ---
--- Begin Message ---
Source: libowasp-antisamy-java
Source-Version: 1.7.4-1
Done: Markus Koschany <[email protected]>
We believe that the bug you reported is fixed in the latest version of
libowasp-antisamy-java, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Markus Koschany <[email protected]> (supplier of updated libowasp-antisamy-java
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 03 Dec 2023 11:32:40 +0100
Source: libowasp-antisamy-java
Architecture: source
Version: 1.7.4-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers
<[email protected]>
Changed-By: Markus Koschany <[email protected]>
Closes: 800986 1010154 1014981 1054164
Changes:
libowasp-antisamy-java (1.7.4-1) unstable; urgency=medium
.
* Team upload.
* New upstream version 1.7.4.
- Fix CVE-2023-43643, CVE-2022-28367, CVE-2022-28366, CVE-2021-35043,
CVE-2017-14735, CVE-2016-10006. (Closes: #1054164, #1010154, #1014981)
- Drop obsolete libcommons-httpclient-java library from Build-Depends.
(Closes: #800986)
* Switch to dh-sequencer and debhelper-compat = 13.
* Declare compliance with Debian Policy 4.6.2.
* Build-depend on libfindbugs-annotations-java, libhttpclient5-java and
libhttpcore5-java.
* Add neko-htmlunit.patch, so that we don't have to package the new
neko-htmlunit fork.
* Override lintian error source is missing because those files are only
needed for the tests.
* Drop binary package libowasp-antisamy-java-doc.
Checksums-Sha1:
6b4684142870f52334f9ecb46687050481ae3ea7 2357
libowasp-antisamy-java_1.7.4-1.dsc
3e958ea3443e817471343560585da6e7decb50a0 3982916
libowasp-antisamy-java_1.7.4.orig.tar.gz
3639139ed828453cc8284f9ffaf8675b0ff2b931 4508
libowasp-antisamy-java_1.7.4-1.debian.tar.xz
acb19ce0850da43698d20900260b758056dc4c4a 14355
libowasp-antisamy-java_1.7.4-1_amd64.buildinfo
Checksums-Sha256:
ddf6b481e1afbf6bb873f67fce5d8a33375cb8f4ca972ddfe1eeec14eb552bc0 2357
libowasp-antisamy-java_1.7.4-1.dsc
4742a244adcb679e34443534d954f5a10ecfbd10776438157ab276908a1391fe 3982916
libowasp-antisamy-java_1.7.4.orig.tar.gz
fbfbfc983330e27a39b8c0e9c690c0bbbd163e94698cef3c1df64380500cb557 4508
libowasp-antisamy-java_1.7.4-1.debian.tar.xz
3ce85384c9186909ab0e7df54f9f859a34a5db85d669f909be55619a2a21b523 14355
libowasp-antisamy-java_1.7.4-1_amd64.buildinfo
Files:
2a3fa6405e95c2edcfd7b1c53505edd4 2357 java optional
libowasp-antisamy-java_1.7.4-1.dsc
2e3dcb7134a6cbedc001733d5a94de41 3982916 java optional
libowasp-antisamy-java_1.7.4.orig.tar.gz
7b30a1b6684e3d868937a9b80277264b 4508 java optional
libowasp-antisamy-java_1.7.4-1.debian.tar.xz
d56ef8dacdaad85a3ed5a4997d6bea1e 14355 java optional
libowasp-antisamy-java_1.7.4-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmVsW9NfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkjG4P/RPB1AdL4yMlbTnHk77r1nvqmRcwhZkf2U0y
0tEL3KPYxIk65uc3oQN7J167j8bXZDtFwd1yV9jWgId0ruCO4wSRa1/etM7I1rUL
xLJ0p4+3WCgMUzABdPC8wrWzqhCrXBwD/m+Wh5knwqru24zIFXF4Wwafq16RjBwI
/synTl4n1IaHUD2fyRC7ITJy3gOlHqSPLq2k8U21vHwoddsAB+l/GRnRDX2uQy2e
mi3Iv9psp/TM3wmOsoPw9xPogThNj5hDLGkrhrL0BDPIt3b3WrStnjylQAJfsIOB
iuDcCSas01kIyt6LBlI5PoVYR3g3+U8UdYhCozkZJC+FFODCc3z2msS+nVffzjwF
KDJ146zO4hstMQywjLB6OdGkNWk6RWmNsQl9w9KJcyx7gyHnyS50a8XSzexZuNLR
YGs5B8y6+37cdRwjVK1xS9TjXMiLcWIG+S46Tha6EdH1J/1dyi9V+1ZTzlUIS7Uq
Tk3ejEKsk+KDa8XmNhO/UJeNKppUknnK4uq7DT0rk6Dw40g5qJmnwgiXqGmKTSZq
0NE+4XkmEisWjjwHwRNTLHWBzvAKQDga/rsfc7oQwAcUEWsfUf6E8Ts/JGd2g4xS
fC63MBvGup7osTULIVUx4U5jhhqtq5tmKGkqEeL+uf7rmlI6gUqGkHp+aK1LP95b
CmytwZaj
=1tLF
-----END PGP SIGNATURE-----
--- End Message ---
__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
Please use
[email protected] for discussions and questions.
