Your message dated Sat, 30 Jun 2012 09:48:00 +0000
with message-id <e1skuhy-0001wp...@franck.debian.org>
and subject line Bug#677814: fixed in libspring-2.5-java 2.5.6.SEC02-2+squeeze1
has caused the Debian Bug report #677814,
regarding CVE-2011-2730
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
677814: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libspring-security-2.0-java
Severity: grave
Tags: security

Please see 
http://www.securityfocus.com/archive/1/519593/30/0/threaded
http://www.springsource.com/security/cve-2011-2731
http://www.springsource.com/security/cve-2011-2732
http://www.springsource.com/security/cve-2011-2894

CVE-2011-2894 seems to affect libspring-java? If so, please clone or 
reassign as needed.

CVE-2011-2730 seems to affect libspring-2.5-java? If so, please clone or 
reassign as needed.

Cheers,
        Moritz



--- End Message ---
--- Begin Message ---
Source: libspring-2.5-java
Source-Version: 2.5.6.SEC02-2+squeeze1

We believe that the bug you reported is fixed in the latest version of
libspring-2.5-java, which is due to be installed in the Debian FTP archive:

libspring-2.5-java_2.5.6.SEC02-2+squeeze1.debian.tar.gz
  to 
main/libs/libspring-2.5-java/libspring-2.5-java_2.5.6.SEC02-2+squeeze1.debian.tar.gz
libspring-2.5-java_2.5.6.SEC02-2+squeeze1.dsc
  to main/libs/libspring-2.5-java/libspring-2.5-java_2.5.6.SEC02-2+squeeze1.dsc
libspring-aop-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
  to 
main/libs/libspring-2.5-java/libspring-aop-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
libspring-aspects-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
  to 
main/libs/libspring-2.5-java/libspring-aspects-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
libspring-beans-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
  to 
main/libs/libspring-2.5-java/libspring-beans-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
libspring-context-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
  to 
main/libs/libspring-2.5-java/libspring-context-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
libspring-context-support-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
  to 
main/libs/libspring-2.5-java/libspring-context-support-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
libspring-core-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
  to 
main/libs/libspring-2.5-java/libspring-core-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
libspring-jdbc-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
  to 
main/libs/libspring-2.5-java/libspring-jdbc-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
libspring-jms-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
  to 
main/libs/libspring-2.5-java/libspring-jms-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
libspring-orm-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
  to 
main/libs/libspring-2.5-java/libspring-orm-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
libspring-test-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
  to 
main/libs/libspring-2.5-java/libspring-test-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
libspring-tx-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
  to 
main/libs/libspring-2.5-java/libspring-tx-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
libspring-web-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
  to 
main/libs/libspring-2.5-java/libspring-web-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
libspring-webmvc-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
  to 
main/libs/libspring-2.5-java/libspring-webmvc-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
libspring-webmvc-portlet-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
  to 
main/libs/libspring-2.5-java/libspring-webmvc-portlet-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
libspring-webmvc-struts-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
  to 
main/libs/libspring-2.5-java/libspring-webmvc-struts-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 677...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Damien Raude-Morvan <draz...@debian.org> (supplier of updated 
libspring-2.5-java package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 17 Jun 2012 00:13:30 +0200
Source: libspring-2.5-java
Binary: libspring-core-2.5-java libspring-beans-2.5-java libspring-aop-2.5-java 
libspring-context-2.5-java libspring-context-support-2.5-java 
libspring-web-2.5-java libspring-webmvc-2.5-java 
libspring-webmvc-struts-2.5-java libspring-webmvc-portlet-2.5-java 
libspring-test-2.5-java libspring-tx-2.5-java libspring-jdbc-2.5-java 
libspring-jms-2.5-java libspring-orm-2.5-java libspring-aspects-2.5-java
Architecture: source all
Version: 2.5.6.SEC02-2+squeeze1
Distribution: stable-security
Urgency: high
Maintainer: Debian Java Maintainers 
<pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Damien Raude-Morvan <draz...@debian.org>
Description: 
 libspring-aop-2.5-java - modular Java/J2EE application framework - AOP
 libspring-aspects-2.5-java - modular Java/J2EE application framework - Bundled 
aspects
 libspring-beans-2.5-java - modular Java/J2EE application framework - Beans
 libspring-context-2.5-java - modular Java/J2EE application framework - Context
 libspring-context-support-2.5-java - modular Java/J2EE application framework - 
Context Support
 libspring-core-2.5-java - modular Java/J2EE application framework - Core
 libspring-jdbc-2.5-java - modular Java/J2EE application framework - JDBC tools
 libspring-jms-2.5-java - modular Java/J2EE application framework - JMS tools
 libspring-orm-2.5-java - modular Java/J2EE application framework - ORM tools
 libspring-test-2.5-java - modular Java/J2EE application framework - Test 
helpers
 libspring-tx-2.5-java - modular Java/J2EE application framework - transaction
 libspring-web-2.5-java - modular Java/J2EE application framework - Web
 libspring-webmvc-2.5-java - modular Java/J2EE application framework - MVC
 libspring-webmvc-portlet-2.5-java - modular Java/J2EE application framework - 
Portlet MVC
 libspring-webmvc-struts-2.5-java - modular Java/J2EE application framework - 
Struts MVC
Closes: 677814
Changes: 
 libspring-2.5-java (2.5.6.SEC02-2+squeeze1) stable-security; urgency=high
 .
   * Backport fix for CVE-2011-2730: Spring Framework information disclosure
     from 2.5.6.SEC03 on upstream maintainance repository (Closes: #677814):
     - d/patches/CVE-2011-2730.diff: A new context parameter has been added
       called springJspExpressionSupport. When true (the default) the existing
       behaviour of evaluating EL within the tag will be performed. When running
       in an environment where EL support is provided by the container, it is
       strongly recommended that this is set to false
Checksums-Sha1: 
 523ef5f79c189ec83bd3a68e9e13aa50b5dd3aab 3549 
libspring-2.5-java_2.5.6.SEC02-2+squeeze1.dsc
 dd5a0e983f645a0f391ae625536da9df58943e70 3799233 
libspring-2.5-java_2.5.6.SEC02.orig.tar.gz
 abdbc17fee41ac9b427c56e34bf00dd06342de69 26231 
libspring-2.5-java_2.5.6.SEC02-2+squeeze1.debian.tar.gz
 28957e3eeb5288fb1de489a137e2cc00bec1f26a 395842 
libspring-core-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
 386cb0f6385d6a4b936f44501a6ce1f044f638ed 528006 
libspring-beans-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
 71a1c8efb1b2b414217f69614cd8e0b2bfd14d87 375454 
libspring-aop-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
 86937964c043237beafc1832be474da1b4d090a7 495402 
libspring-context-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
 a8a340cadb1fb0171d4ee6842de96da2732c01a0 181304 
libspring-context-support-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
 25d39c39d4000243adb8a2f29131fe6153d675d3 264900 
libspring-web-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
 cac77b4c1bdecc46de35f69dff45d07fd4a1b9f3 450174 
libspring-webmvc-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
 5a66be71de266c503604548d360ceedb62d878b2 127812 
libspring-webmvc-struts-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
 b0529f235dc9f86690341b838216142ce2d72c92 227864 
libspring-webmvc-portlet-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
 d2502953d3b6f45f618f3c1c7c64d6762bfffcff 257226 
libspring-test-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
 5d13bfa6319c19d167361078f3c600dfd071a50b 282680 
libspring-tx-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
 5beed2518636a9f3a447815d7687d38af48cd9d7 386192 
libspring-jdbc-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
 d18efbc4beaf68f609deee38679176e34ef842fa 263874 
libspring-jms-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
 ec2415f379ad3744614142874f3f26d0aa3d2f05 417856 
libspring-orm-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
 ff246ead12fc45bb0342e4569f9e0be2b33db33d 99656 
libspring-aspects-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
Checksums-Sha256: 
 2fc3adee48d18e4bc81e7378b1b607c4e4cdea8e8c998a4c9a9a2ebd5deb6b44 3549 
libspring-2.5-java_2.5.6.SEC02-2+squeeze1.dsc
 ab7c417fad156d58857d2968395d04ab8fb699f7f19746886043c2f5d4e1681c 3799233 
libspring-2.5-java_2.5.6.SEC02.orig.tar.gz
 cfcc80dfffb49ae920d82abf552cce4b2184121f8398d46dd080c94a900f0112 26231 
libspring-2.5-java_2.5.6.SEC02-2+squeeze1.debian.tar.gz
 39b4a15f6d7aac0dce26ec04a5d4348656fc4bee0989b5c2d809eb505e800e2d 395842 
libspring-core-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
 41a23abae3a33024fe00a102bc5bb0dbc127ff81c6879c0f5df3a51d1cfb9f32 528006 
libspring-beans-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
 70a713150e0b575b8bd5e2ab67e68b181402899020fa458e11b35c8bc7b634c4 375454 
libspring-aop-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
 5c3fab2e3fc4b40175ed7815dd7e023851e660e86085d4594c8afdf49a4fff8e 495402 
libspring-context-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
 e03f71d1a6b6941c461f2fed1a4a8633cac67c4aa019df2ec501668e3dfaa5ea 181304 
libspring-context-support-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
 d366bee5ffb159538c83b0bda91827505792bf88fdc24c1e40a2de40e2795f36 264900 
libspring-web-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
 cf6a44f2fbb23bbb510893824abc8faed6374e868fc3b80f965db7b2a140c2f2 450174 
libspring-webmvc-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
 da1a4c1c3dc08d46753a3ec9770ba015c7ee55c47173488ae445919bdf5fde52 127812 
libspring-webmvc-struts-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
 a874ae9b5b589b3b345ce1c0678f457e049feb53c9e7c69694c68324ff7cac7c 227864 
libspring-webmvc-portlet-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
 6d5cfb48b5eb425403ce8b8c39f11fc4fd771870c450ae6847c9cd8b02b7564c 257226 
libspring-test-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
 6b49bc697c5de8878a740f278997599dc685ae1db80445c6df58d5f3f6f5bb38 282680 
libspring-tx-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
 6e4909d6276ddd0451172023572b298486dfd419fd4961cff7ff58faddc9a0bb 386192 
libspring-jdbc-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
 36a41395a1e27856684f76922066f80e4d174d91c7fb4f1e994431bb829725c3 263874 
libspring-jms-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
 9dbd94bd46385bda2e26eaf4226fc4a2df8c961c3f3a592640dda628a8935c13 417856 
libspring-orm-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
 382fc748ad13c31c104d587b8a54fc84e45b2fd12f306f6926e1f3ab06f42280 99656 
libspring-aspects-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
Files: 
 437687f99cb7a2dfdb0e449da6630f7d 3549 java extra 
libspring-2.5-java_2.5.6.SEC02-2+squeeze1.dsc
 15f77cf388dd4f23d3b966115afabea3 3799233 java extra 
libspring-2.5-java_2.5.6.SEC02.orig.tar.gz
 a1426f1195ecb4bff6d8745e80c5a799 26231 java extra 
libspring-2.5-java_2.5.6.SEC02-2+squeeze1.debian.tar.gz
 6f8f407483fdd5e9b19d3c5851997de8 395842 java extra 
libspring-core-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
 322bcc38c0918407f3f3fcff021debe6 528006 java extra 
libspring-beans-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
 9c228f5592de205f0bb949a33a5f84cb 375454 java extra 
libspring-aop-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
 751764c6491fabac751abc33f8ce00e3 495402 java extra 
libspring-context-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
 bf00699aed5786f3ca43f1d6aba663e3 181304 java extra 
libspring-context-support-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
 64cf3c2c853b768cd23c380b92e487e2 264900 java extra 
libspring-web-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
 b0ffaeb038a1e9d06f08c225af807404 450174 java extra 
libspring-webmvc-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
 71ee278b1a7659536458d5af109da0ba 127812 java extra 
libspring-webmvc-struts-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
 23f185c7090f7f3e844f3120fcd5e248 227864 java extra 
libspring-webmvc-portlet-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
 ce35f9b13736f3a6737f83dad9fce5a9 257226 java extra 
libspring-test-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
 3e61f92408e04cff13113039976c9612 282680 java extra 
libspring-tx-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
 cfe5ad94a6abecbe087a6ec046962a3c 386192 java extra 
libspring-jdbc-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
 bf73d30770c80076093355bd9ae497fc 263874 java extra 
libspring-jms-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
 3c899c57a1d8fded6abd1b7f2139f676 417856 java extra 
libspring-orm-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
 f7bc2567064ea975100c08476f038304 99656 java extra 
libspring-aspects-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJP6hmSAAoJEHXiDM0z50n8+xsP/2RQSca/MicFu7DmyX6gQ76U
TI6WRzrOiaAtW1lyuDpUF99coOkYxxZsLXOS3PXOb8BnXupCcsCdVoLrVILs0P3b
uRSIM3FbFtvVZ3yWvhyDVQGEBpCmNcjg29b4dkTpU7COvsgm1pPns3bQoRRV5VmW
p+bi+ZeJQq3jkt/sEM0NiLJRl16DMpKItO4v2uLWJi22MQMoEWxdqml/KSQOlvVl
NCAMQqcJ37ee0JAFEQFJv9zYzkvWsuYdKS3k2rXfgConpn/pdYiUt/V0Kp7Zniu9
Rg0iTUKdmIPbJidCTFq1aufvagVXQP6h75/Pslsmt/PC4JsOB73NF2QP0sm1mnKE
6rx6CteUXKafftXdF6fXbeUf8UABCRTdGWfldrGl1QNxJLaKKQWVe0qw/1Yp4IkT
7jIynlHF4nLfBMvDAp/CDKQ8CTFXpfILsRQbCBJ2vO0hBjMM/bnyu5EeFcsyXc8l
L8LHDX1iOByReCD7gboqxs80nA6XunrcZWygryBWgIGjkkQp18HYxg16m3aUEcee
QcRsqOoaQDbK7Lbh8R7O66tuZJtO4wZTfU/ZddmZI5mxcGsnnJydxlGQX1CZ++9i
ETpYMX1ZlKRBvscY7mfycuw1Ygf+Nxnr8OQr8w/BEJdMDnKZOzvGy7aeLz7w0kIM
nOsGmiX04UrSZiLOOCbH
=I/zR
-----END PGP SIGNATURE-----



--- End Message ---
__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Reply via email to