Your message dated Tue, 15 Feb 2011 19:58:29 +0000
with message-id <e1ppr2b-00063q...@franck.debian.org>
and subject line Bug#611849: fixed in eclipse 3.5.2-6squeeze2
has caused the Debian Bug report #611849,
regarding CVE-2010-4647/CVE-2008-7271: XSS in help browser application
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
611849: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611849
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: eclipse
Severity: important
Tags: security
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7271
Red Hat has a good description and links to patches:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4647
This doesn't warrant a DSA, but you could fix this in Squeeze
in a point update.
Cheers,
Moritz
-- System Information:
Debian Release: 6.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---
Source: eclipse
Source-Version: 3.5.2-6squeeze2
We believe that the bug you reported is fixed in the latest version of
eclipse, which is due to be installed in the Debian FTP archive:
eclipse-jdt_3.5.2-6squeeze2_i386.deb
to main/e/eclipse/eclipse-jdt_3.5.2-6squeeze2_i386.deb
eclipse-pde_3.5.2-6squeeze2_i386.deb
to main/e/eclipse/eclipse-pde_3.5.2-6squeeze2_i386.deb
eclipse-platform-data_3.5.2-6squeeze2_all.deb
to main/e/eclipse/eclipse-platform-data_3.5.2-6squeeze2_all.deb
eclipse-platform_3.5.2-6squeeze2_i386.deb
to main/e/eclipse/eclipse-platform_3.5.2-6squeeze2_i386.deb
eclipse-plugin-cvs_3.5.2-6squeeze2_i386.deb
to main/e/eclipse/eclipse-plugin-cvs_3.5.2-6squeeze2_i386.deb
eclipse-rcp_3.5.2-6squeeze2_i386.deb
to main/e/eclipse/eclipse-rcp_3.5.2-6squeeze2_i386.deb
eclipse_3.5.2-6squeeze2.debian.tar.gz
to main/e/eclipse/eclipse_3.5.2-6squeeze2.debian.tar.gz
eclipse_3.5.2-6squeeze2.dsc
to main/e/eclipse/eclipse_3.5.2-6squeeze2.dsc
eclipse_3.5.2-6squeeze2_all.deb
to main/e/eclipse/eclipse_3.5.2-6squeeze2_all.deb
libequinox-osgi-java_3.5.2-6squeeze2_all.deb
to main/e/eclipse/libequinox-osgi-java_3.5.2-6squeeze2_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 611...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Niels Thykier <ni...@thykier.net> (supplier of updated eclipse package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 11 Feb 2011 12:46:51 +0100
Source: eclipse
Binary: eclipse eclipse-jdt eclipse-pde eclipse-platform eclipse-platform-data
eclipse-plugin-cvs eclipse-rcp libequinox-osgi-java
Architecture: source all i386
Version: 3.5.2-6squeeze2
Distribution: stable
Urgency: low
Maintainer: Debian Orbital Alignment Team
<pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Niels Thykier <ni...@thykier.net>
Description:
eclipse - Extensible Tool Platform and Java IDE
eclipse-jdt - Eclipse Java Development Tools (JDT)
eclipse-pde - Eclipse Plug-in Development Environment (PDE)
eclipse-platform - Eclipse platform without plug-ins to develop any language
eclipse-platform-data - Eclipse platform without plug-ins to develop any
language (data)
eclipse-plugin-cvs - Eclipse Team Integration (CVS support)
eclipse-rcp - Eclipse Rich Client Platform (RCP)
libequinox-osgi-java - Equinox OSGi framework
Closes: 611849
Changes:
eclipse (3.5.2-6squeeze2) stable; urgency=low
.
* Backported patch for CVE-2010-4647. (Closes: #611849)
- Fixes XSS in help browser application.
Checksums-Sha1:
d742dc937f3bcc56fdb2063b09a1b9fb07b60cd6 3272 eclipse_3.5.2-6squeeze2.dsc
99d161161a1e711d6d2846cce67003012bdb0378 100040
eclipse_3.5.2-6squeeze2.debian.tar.gz
76419b0b6ee6ce78a02c56206f7f022e43ee457e 47040 eclipse_3.5.2-6squeeze2_all.deb
c2800c3bb2f8573cc934e603cfdf6a3e3bd00f99 40006884
eclipse-jdt_3.5.2-6squeeze2_i386.deb
16c568727c603ec309b3bb85ca6c1f2baeda5f89 16098146
eclipse-pde_3.5.2-6squeeze2_i386.deb
990b9596e6e896d7b0a9560ee1f508dde42bcd18 40302504
eclipse-platform_3.5.2-6squeeze2_i386.deb
cd9dd3c10d09c3a908da9ca99b861ba33314c02c 29628358
eclipse-platform-data_3.5.2-6squeeze2_all.deb
dd4b3721748cbb9eab0c30e6a4d356a3402bdf9e 3189806
eclipse-plugin-cvs_3.5.2-6squeeze2_i386.deb
4d07e5048909d3942eb352e22c849972155e9126 15734512
eclipse-rcp_3.5.2-6squeeze2_i386.deb
e954807a31fae279b10386c64b8384a4836af34e 3222294
libequinox-osgi-java_3.5.2-6squeeze2_all.deb
Checksums-Sha256:
3d95b2d20794ae1493adafeda4bfee6b365aa7744d97dcfb01533ce5923bf957 3272
eclipse_3.5.2-6squeeze2.dsc
94c8e55b1a7f8996efc2ce989ca89f32d920c9884cb712097bd0e2b4b8fa160b 100040
eclipse_3.5.2-6squeeze2.debian.tar.gz
03f83bcc316cdf46557b6f9a849c6d2d2e7ab3ceedf515eb90208872d1fb02bf 47040
eclipse_3.5.2-6squeeze2_all.deb
de1f7e33a916b038e4442583e8d86bbe2cc62128cf0de8e4df019385cedaa718 40006884
eclipse-jdt_3.5.2-6squeeze2_i386.deb
d945ad029af3ddb927bae23532544b20b1804d8107a2d00ec64f0d950a5f20a7 16098146
eclipse-pde_3.5.2-6squeeze2_i386.deb
33c18f942430ff57f760690b7f61dc308d1d69a979088b95c3d97459c897d87b 40302504
eclipse-platform_3.5.2-6squeeze2_i386.deb
7bb68a6e3e5167cf5400f83d5abf55fe5f6dcee5468b4d6c61583eb5ac8eeb50 29628358
eclipse-platform-data_3.5.2-6squeeze2_all.deb
abe36251edbe15cb6da844593569413e25d1687cd0a200f592729a0e7dd8e941 3189806
eclipse-plugin-cvs_3.5.2-6squeeze2_i386.deb
153689f6d2a5c87961a943bd8ce0a2efab77d89a3796df38e1a6d4ba6d95490c 15734512
eclipse-rcp_3.5.2-6squeeze2_i386.deb
64283b709b527046e4e5d883862653ebe7cf9e2c31c875a85ee2c380e9c354ab 3222294
libequinox-osgi-java_3.5.2-6squeeze2_all.deb
Files:
e23e2d48c82e02a6bbba6b7185916b56 3272 devel optional
eclipse_3.5.2-6squeeze2.dsc
3693f54029a35eab75fb08ffcc1b18fd 100040 devel optional
eclipse_3.5.2-6squeeze2.debian.tar.gz
88f64f9132195fc5fbdaad4cc3619bfd 47040 devel optional
eclipse_3.5.2-6squeeze2_all.deb
d6f5f9b4a25fcdf68cf525034b1417ac 40006884 devel optional
eclipse-jdt_3.5.2-6squeeze2_i386.deb
a0fc981a7e6cda689f358fc43e218c78 16098146 devel optional
eclipse-pde_3.5.2-6squeeze2_i386.deb
2cdaf1c37a12e0afed97f59d74635de8 40302504 devel optional
eclipse-platform_3.5.2-6squeeze2_i386.deb
468ad8a33bbfd88e820659fbcac8309e 29628358 devel optional
eclipse-platform-data_3.5.2-6squeeze2_all.deb
e00b0d89171eca10cf216263336953c7 3189806 devel optional
eclipse-plugin-cvs_3.5.2-6squeeze2_i386.deb
1250fa4674ec95a5ddfa8e14cb8d1bbf 15734512 devel optional
eclipse-rcp_3.5.2-6squeeze2_i386.deb
5f080cae6df5537ac381c4625ff0d3fa 3222294 java optional
libequinox-osgi-java_3.5.2-6squeeze2_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQIcBAEBCAAGBQJNWozLAAoJEAVLu599gGRCptgQAIbKiyJxpBEv1tyzFrbIEVEo
NutWQ5exDFsg5BqwUuiiwkmis3CSKsX/UA2JHla9uNaPRs1c+2rbbCla8hkb5GSI
4LEX9n+yg3KRdJTGIGKcfunvHBgtiIwRMBrKLNFGV+TkGHYYgaeiuctclS4Pzv0M
qjjAucI9LEk4UN5oEEaaVK+rjyaIxMorfJ55UOof2tU0XQyfwBuUs5s24iDmPD9v
ER0aK+7sXSlQdaGKXwbBt7G3SCKVSRCtFu1YTnQy8YA+I4XbxLJydkA6jCVFlqXY
CmoKA0Dy1ZzpjQ0yfsjR6FzMn5ESNF1sKsQknlPbfKX+A0FNYuCPuzTSA7s/SLxZ
ov5vcUGMgM6L0+PwDBXOVrUiCHmsrZGcphOR2xdu9uMmBJ+LLnOvF+i/6+rgUybV
QPHwhKmewZu59YSpPoVn+Ckm6r4rJRTXXk61ZCBtlX0Gd3KHP9bFQHXqCad0RKDz
ZOCb1MiiLhhmPd/WfdaYUGwWtExTYaeAHFaa6DmgvhR/jsxA+lKYdSLePYgmptks
msdkVupVgCoo8H3lSqOH36z6/9dz2X5ZhEKbpFmLmSxee6kH6EDRv/bziqp5eldt
si8bzWMXrNObvbHvHUe2MlGqlVE/73NOMCNoTibyCuxHyeFTW2YRppczUhsojgW0
EaHxNOkzclIqaZkG3AAc
=yB61
-----END PGP SIGNATURE-----
--- End Message ---
__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/mailman/listinfo/pkg-java-maintainers>. Please
use
debian-j...@lists.debian.org for discussions and questions.
