Your message dated Tue, 15 Feb 2011 19:58:29 +0000
with message-id <[email protected]>
and subject line Bug#611849: fixed in eclipse 3.5.2-6squeeze2
has caused the Debian Bug report #611849,
regarding eclipse: cross-site scripting vulnerability in the help webapps
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
611849: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611849
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: eclipse-platform
Version: 3.5.2-6squeeze1
Severity: important
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hi
These are reported as CVE-2008-7271 and CVE-2010-4647, which appear to be
(nearly) the same issue. Upstream has fixed this with [1], and the fix has made
its way into our git repositories in the upstream-3.6 branch [2].
~Niels
[1] https://bugs.eclipse.org/bugs/attachment.cgi?id=130767
[2] http://git.debian.org/?p=pkg-java/eclipse.git;a=commitdiff;h=68f899e621857ab6f44c7926b80c1da742bf7adf;hp=c4581570d622c04e03188f20aeb9f2149dff5724
- -- System Information:
Debian Release: 6.0
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-5-686 (SMP w/2 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages eclipse-platform depends on:
ii ant 1.8.0-4 Java based build tool like make
ii ant-optional 1.8.0-4 Java based build tool like make -
ii default-jre [java6-runti 1:1.6-40 Standard Java or Java compatible R
ii eclipse-platform-data 3.5.2-6squeeze1 Eclipse platform without plug-ins
ii eclipse-rcp 3.5.2-6squeeze1 Eclipse Rich Client Platform (RCP)
ii gcj-4.4-jre [java5-runti 4.4.5-2 Java runtime environment using GIJ
ii gcj-jre [java5-runtime] 4:4.4.5-1 Java runtime environment using GIJ
ii java-common 0.40 Base of all Java packages
ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib
ii libcommons-codec-java 1.4-2 encoder and decoders such as Base6
ii libcommons-el-java 1.0-6 Implementation of the JSP2.0 Expre
ii libcommons-httpclient-ja 3.1-9 A Java(TM) library for creating HT
ii libcommons-logging-java 1.1.1-8 commmon wrapper interface for seve
ii libjasper-java 5.5.26-5 Implementation of the JSP Containe
ii libjetty-java 6.1.24-6 Java servlet engine and webserver
ii libjsch-java 0.1.42-2 pure Java implementation of the SS
ii liblucene2-java 2.9.2+ds1-1 Full-text search engine library fo
ii libservlet2.5-java 6.0.28-9 Servlet 2.5 and JSP 2.1 Java API c
ii openjdk-6-jre [java6-run 6b18-1.8.3-2 OpenJDK Java runtime, using Hotspo
ii perl 5.10.1-17 Larry Wall's Practical Extraction
ii sat4j 2.2.0-3 Efficient library of SAT solvers i
ii sun-java6-jre [java6-run 6.22-1 Sun Java(TM) Runtime Environment (
Versions of packages eclipse-platform recommends:
ii eclipse-pde 3.5.2-6squeeze1 Eclipse Plug-in Development Enviro
Versions of packages eclipse-platform suggests:
ii eclipse-jdt 3.5.2-6squeeze1 Eclipse Java Development Tools (JD
Versions of packages eclipse-platform is related to:
ii eclipse-jdt 3.5.2-6squeeze1 Eclipse Java Development Tools (JD
ii eclipse-pde 3.5.2-6squeeze1 Eclipse Plug-in Development Enviro
- -- no debconf information
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Source: eclipse
Source-Version: 3.5.2-6squeeze2
We believe that the bug you reported is fixed in the latest version of
eclipse, which is due to be installed in the Debian FTP archive:
eclipse-jdt_3.5.2-6squeeze2_i386.deb
to main/e/eclipse/eclipse-jdt_3.5.2-6squeeze2_i386.deb
eclipse-pde_3.5.2-6squeeze2_i386.deb
to main/e/eclipse/eclipse-pde_3.5.2-6squeeze2_i386.deb
eclipse-platform-data_3.5.2-6squeeze2_all.deb
to main/e/eclipse/eclipse-platform-data_3.5.2-6squeeze2_all.deb
eclipse-platform_3.5.2-6squeeze2_i386.deb
to main/e/eclipse/eclipse-platform_3.5.2-6squeeze2_i386.deb
eclipse-plugin-cvs_3.5.2-6squeeze2_i386.deb
to main/e/eclipse/eclipse-plugin-cvs_3.5.2-6squeeze2_i386.deb
eclipse-rcp_3.5.2-6squeeze2_i386.deb
to main/e/eclipse/eclipse-rcp_3.5.2-6squeeze2_i386.deb
eclipse_3.5.2-6squeeze2.debian.tar.gz
to main/e/eclipse/eclipse_3.5.2-6squeeze2.debian.tar.gz
eclipse_3.5.2-6squeeze2.dsc
to main/e/eclipse/eclipse_3.5.2-6squeeze2.dsc
eclipse_3.5.2-6squeeze2_all.deb
to main/e/eclipse/eclipse_3.5.2-6squeeze2_all.deb
libequinox-osgi-java_3.5.2-6squeeze2_all.deb
to main/e/eclipse/libequinox-osgi-java_3.5.2-6squeeze2_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Niels Thykier <[email protected]> (supplier of updated eclipse package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 11 Feb 2011 12:46:51 +0100
Source: eclipse
Binary: eclipse eclipse-jdt eclipse-pde eclipse-platform eclipse-platform-data eclipse-plugin-cvs eclipse-rcp libequinox-osgi-java
Architecture: source all i386
Version: 3.5.2-6squeeze2
Distribution: stable
Urgency: low
Maintainer: Debian Orbital Alignment Team <[email protected]>
Changed-By: Niels Thykier <[email protected]>
Description:
eclipse - Extensible Tool Platform and Java IDE
eclipse-jdt - Eclipse Java Development Tools (JDT)
eclipse-pde - Eclipse Plug-in Development Environment (PDE)
eclipse-platform - Eclipse platform without plug-ins to develop any language
eclipse-platform-data - Eclipse platform without plug-ins to develop any language (data)
eclipse-plugin-cvs - Eclipse Team Integration (CVS support)
eclipse-rcp - Eclipse Rich Client Platform (RCP)
libequinox-osgi-java - Equinox OSGi framework
Closes: 611849
Changes:
eclipse (3.5.2-6squeeze2) stable; urgency=low
.
* Backported patch for CVE-2010-4647. (Closes: #611849)
- Fixes XSS in help browser application.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---
__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/mailman/listinfo/pkg-java-maintainers>.
Please use [email protected] for discussions and questions.