Your message dated Mon, 30 Dec 2013 15:21:14 +0000
with message-id <e1vxeey-0008v2...@franck.debian.org>
and subject line Bug#720902: fixed in libspring-java 3.0.6.RELEASE-10
has caused the Debian Bug report #720902,
regarding libspring-java: CVE-2013-4152
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
720902: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720902
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libspring-java
Severity: grave
Tags: security
Justification: user security hole

Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4152 for 
details.

Cheers,
        Moritz

--- End Message ---
--- Begin Message ---
Source: libspring-java
Source-Version: 3.0.6.RELEASE-10

We believe that the bug you reported is fixed in the latest version of
libspring-java, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 720...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Koschany <a...@gambaru.de> (supplier of updated libspring-java package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 29 Dec 2013 13:24:03 +0100
Source: libspring-java
Binary: libspring-core-java libspring-beans-java libspring-aop-java 
libspring-context-java libspring-context-support-java libspring-web-java 
libspring-web-servlet-java libspring-web-struts-java libspring-web-portlet-java 
libspring-test-java libspring-transaction-java libspring-jdbc-java 
libspring-jms-java libspring-orm-java libspring-expression-java 
libspring-oxm-java libspring-instrument-java
Architecture: source all
Version: 3.0.6.RELEASE-10
Distribution: unstable
Urgency: high
Maintainer: Debian Java Maintainers 
<pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <a...@gambaru.de>
Description: 
 libspring-aop-java - modular Java/J2EE application framework - AOP
 libspring-beans-java - modular Java/J2EE application framework - Beans
 libspring-context-java - modular Java/J2EE application framework - Context
 libspring-context-support-java - modular Java/J2EE application framework - 
Context Support
 libspring-core-java - modular Java/J2EE application framework - Core
 libspring-expression-java - modular Java/J2EE application framework - 
Expression language
 libspring-instrument-java - modular Java/J2EE application framework - 
Instrumentation
 libspring-jdbc-java - modular Java/J2EE application framework - JDBC tools
 libspring-jms-java - modular Java/J2EE application framework - JMS tools
 libspring-orm-java - modular Java/J2EE application framework - ORM tools
 libspring-oxm-java - modular Java/J2EE application framework - Object/XML 
Mapping
 libspring-test-java - modular Java/J2EE application framework - Test helpers
 libspring-transaction-java - modular Java/J2EE application framework - 
transaction
 libspring-web-java - modular Java/J2EE application framework - Web
 libspring-web-portlet-java - modular Java/J2EE application framework - Portlet 
MVC
 libspring-web-servlet-java - modular Java/J2EE application framework - Web 
Portlet
 libspring-web-struts-java - modular Java/J2EE application framework - Struts 
MVC
Closes: 720902
Changes: 
 libspring-java (3.0.6.RELEASE-10) unstable; urgency=high
 .
   * Team upload.
   * Fix CVE-2013-4152. (Closes: #720902).
    - New patch: Add-processExternalEntities-to-JAXB2Marshaller.patch.
    - Now by default external XML entities are not processed when unmarshalling.
      Processing of external entities will only be enabled/disabled when the
      source passed to the unmarshaller is a SAXSource or StreamSource. It has
      no effect for DOMSource or StAXSource instances.
Checksums-Sha1: 
 f7bdcfe13b5e689774c27c16e58e8313659399fb 4484 
libspring-java_3.0.6.RELEASE-10.dsc
 6979c683b599e13a25fa7d4fdbc46685c0c7b8a4 21494 
libspring-java_3.0.6.RELEASE-10.debian.tar.gz
 38023b902df58589000676f5fc87c71e917808c7 359796 
libspring-core-java_3.0.6.RELEASE-10_all.deb
 9ecddf4987a930822046f6485c1bf045d5b2ba02 516248 
libspring-beans-java_3.0.6.RELEASE-10_all.deb
 4886f787c4fd1fb5821019ce0123c46b1a97f820 326750 
libspring-aop-java_3.0.6.RELEASE-10_all.deb
 5f2c420b1b61d8b50eadafbca4e4ca1bbb7b8143 589976 
libspring-context-java_3.0.6.RELEASE-10_all.deb
 e956934165462d017e453989c4ae5b7da96c0209 112916 
libspring-context-support-java_3.0.6.RELEASE-10_all.deb
 6fbc669feb53a1f8af5ff78277bba22a2359960e 367836 
libspring-web-java_3.0.6.RELEASE-10_all.deb
 4f9032bfbc854246c71836747fd6384371e63e2c 396162 
libspring-web-servlet-java_3.0.6.RELEASE-10_all.deb
 72868444ef44fda3ce2c4789465fc506235ea53c 51654 
libspring-web-struts-java_3.0.6.RELEASE-10_all.deb
 06ff53bb5aa2483c42165b501979ce5d9487e9ea 179232 
libspring-web-portlet-java_3.0.6.RELEASE-10_all.deb
 392a4d3fad85f80bcb1f18c34b0fe44cab5d9557 203612 
libspring-test-java_3.0.6.RELEASE-10_all.deb
 3d651a5acb17b8358547ac5279bbe22d89de04bd 210988 
libspring-transaction-java_3.0.6.RELEASE-10_all.deb
 72be80453a1d01530d29ea9095b5739aec0121c2 356206 
libspring-jdbc-java_3.0.6.RELEASE-10_all.deb
 cff79f078fb20ae839428cefead5d3962eb3eced 185658 
libspring-jms-java_3.0.6.RELEASE-10_all.deb
 680116cf9ad0acbf1f617a77d73827e52f5f12c3 314600 
libspring-orm-java_3.0.6.RELEASE-10_all.deb
 9ed26e9eecd83fb7e5c11a1fa37d49037f68b457 175930 
libspring-expression-java_3.0.6.RELEASE-10_all.deb
 d4c9916c0290184f82c51b35ba20636f701ef13f 77774 
libspring-oxm-java_3.0.6.RELEASE-10_all.deb
 76acfe1248d319603a409a6a02747de9d37c0d26 29948 
libspring-instrument-java_3.0.6.RELEASE-10_all.deb
Checksums-Sha256: 
 9ce69df5778b0e33f5b646b3714c64deb1d4527f839fedd4521223c7cc09d88c 4484 
libspring-java_3.0.6.RELEASE-10.dsc
 e6c56be05a85b3e52a527c05f28dcbdcb93a9ca640beac99d34157921cab1ba5 21494 
libspring-java_3.0.6.RELEASE-10.debian.tar.gz
 86aec5df436eac97b0fdcb27958fcd5f3c0bb79f5355dc4e8f1424996525ed11 359796 
libspring-core-java_3.0.6.RELEASE-10_all.deb
 69cc5a16a12fe720e6b066ed69da44285dd0ae098785d97dc4d26df2c5c26157 516248 
libspring-beans-java_3.0.6.RELEASE-10_all.deb
 58d012f19586511022ccbed9a99d9b71ee80127e313815c0a0f250f74ab92c6c 326750 
libspring-aop-java_3.0.6.RELEASE-10_all.deb
 da7cb7e958cac12bb5fb308f6cb6ec700c21fc74fc503e125a0c5f96c496ebe4 589976 
libspring-context-java_3.0.6.RELEASE-10_all.deb
 c1782c573efefa2ec05063cf41e196a594b3216df222f3af1b1cfe0018e1adbb 112916 
libspring-context-support-java_3.0.6.RELEASE-10_all.deb
 4c8b726634bd309fcca717f3d0c68496a1185df944b41e6d401a881e8ec34c44 367836 
libspring-web-java_3.0.6.RELEASE-10_all.deb
 42216a604ba084f84cabe9a366bb1e3c1e4e454273750f542efb962ab22a2a2d 396162 
libspring-web-servlet-java_3.0.6.RELEASE-10_all.deb
 49f2d3f855e35364317bad84acce2fb3a50ae811a356e2f1d28963703a673534 51654 
libspring-web-struts-java_3.0.6.RELEASE-10_all.deb
 225afe4ee806985b9cd1f4bceb3f638de5ed0cc979f9055225408c711274c3a0 179232 
libspring-web-portlet-java_3.0.6.RELEASE-10_all.deb
 f1a552126b18337de27bca84cbbdff48468fcad18c341e9b39d59cc8a972f337 203612 
libspring-test-java_3.0.6.RELEASE-10_all.deb
 d409e7526378bd0dcb4e7bd314bf428136ac2263a9d9fe0b6b36003de967786a 210988 
libspring-transaction-java_3.0.6.RELEASE-10_all.deb
 4d624518a1530f6de7c60fc1fe16e94ae5587571f6bd74c59950fec18bf2bffe 356206 
libspring-jdbc-java_3.0.6.RELEASE-10_all.deb
 5be2248ee700790f8adf031d2cf18b7f327e48050c169b04898122b50ad2aa1a 185658 
libspring-jms-java_3.0.6.RELEASE-10_all.deb
 3b476a808478a3b1fef9a1368660c052d1bf6afc09485d80a78033b697c72f11 314600 
libspring-orm-java_3.0.6.RELEASE-10_all.deb
 40f4c2376c088727bc144dcc1be949fcc46cbca7f725ff3e6cf7e78235ba8628 175930 
libspring-expression-java_3.0.6.RELEASE-10_all.deb
 87d9bd738314c7e7325c59864283ff00a625eafda7b8f5ad9f7e46eb248687ca 77774 
libspring-oxm-java_3.0.6.RELEASE-10_all.deb
 3719d132b8a727503abf265ba0d02093cea95dac0a39de15e20db6726fe48c64 29948 
libspring-instrument-java_3.0.6.RELEASE-10_all.deb
Files: 
 422332c69a97d53a320cbe898c723d43 4484 java extra 
libspring-java_3.0.6.RELEASE-10.dsc
 c90bde6db6cd6dc5fdb80f34a34b1bcb 21494 java extra 
libspring-java_3.0.6.RELEASE-10.debian.tar.gz
 0f7b3a40f94764099786c89879d939d1 359796 java extra 
libspring-core-java_3.0.6.RELEASE-10_all.deb
 80f9cb9e9f5636b5dab316224c4eb73b 516248 java extra 
libspring-beans-java_3.0.6.RELEASE-10_all.deb
 1da4525ee82936be2c8b700b56f85b9f 326750 java extra 
libspring-aop-java_3.0.6.RELEASE-10_all.deb
 1e6f4f7c3ddeede462548be72da73e6d 589976 java extra 
libspring-context-java_3.0.6.RELEASE-10_all.deb
 d8d8cd7eced09853154c74a3c4acf4c4 112916 java extra 
libspring-context-support-java_3.0.6.RELEASE-10_all.deb
 b59062bd612e0622e4b42b0e6f657c07 367836 java extra 
libspring-web-java_3.0.6.RELEASE-10_all.deb
 7b893fb3a28acfaf7bd48093de396996 396162 java extra 
libspring-web-servlet-java_3.0.6.RELEASE-10_all.deb
 8d7c0fcee523d7dff013e654ffd4c2b8 51654 java extra 
libspring-web-struts-java_3.0.6.RELEASE-10_all.deb
 9ab0b20418e9175945aac8eb62ba6144 179232 java extra 
libspring-web-portlet-java_3.0.6.RELEASE-10_all.deb
 0038f7d30d52c55a5ccce0b19eac9cee 203612 java extra 
libspring-test-java_3.0.6.RELEASE-10_all.deb
 8cae8c2d1a75e647dbfddd224dd352e3 210988 java extra 
libspring-transaction-java_3.0.6.RELEASE-10_all.deb
 532cf458e5f4de45b81a510bb0b2bfc7 356206 java extra 
libspring-jdbc-java_3.0.6.RELEASE-10_all.deb
 f545a97d4d1b902d494a6ba6bf73c158 185658 java extra 
libspring-jms-java_3.0.6.RELEASE-10_all.deb
 2a6bb6b213f41b7314f2ac51d8733492 314600 java extra 
libspring-orm-java_3.0.6.RELEASE-10_all.deb
 4a8e25b83f996a66faa73ef9cb39ab00 175930 java extra 
libspring-expression-java_3.0.6.RELEASE-10_all.deb
 c186039469c3b7cdc2082d3bb3871135 77774 java extra 
libspring-oxm-java_3.0.6.RELEASE-10_all.deb
 dce49e72833e9e588bffb2a34f755f17 29948 java extra 
libspring-instrument-java_3.0.6.RELEASE-10_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJSwYffAAoJEI8AS/UHtGj7cPoP/0uBfXYsXXRudkYaVWnCjY2Y
pv9bdK7OV5/SYLWr3gcDqw3oZanRtU1aFgnsAsZLpLbnLyc0I+kzYsvJJM/pJ201
uxZbQqypJsaHMQq0/sMnovUsWnxLr2sMIwBvM7FOohMSekLKUIjdmyHoDGctyjPB
RJA4fqLk0vdQIsaEdDAcNHdJBySAHXiWsUnrQuiph5EhQREFIAwasNC3S8UH5FOI
9BSkl2W9EBAguodTsnaHaOHriKLizTs6oqwzqL9AgiVFS2Z2Gfngg2P5xoRD4kKQ
IAsWmVjcNKoonqa2Nan3YXuSfdSY03viNJOOzp0zx87hu83GUiBJazo7Dobc7U73
gWVDc9fMa1yl7u+D4hLe+Ewtmw60wd7YNVgAikdET/5qERpaVLXW2G4oKp04tIef
9LyP86bSGX9LyRJvIae8cQWKVQz+DDjURNRBf3GSPMsCFDdpMko6Cesl+EjBF8Vr
pdC790J2dsCc3uFvVvt4tijDyCZSNLJbOJ1XKOmA/xlno2pfpHOL0m1Z82ORSb9W
hx/BTu7vL21gwEd+cMcaSaXT0F2IJtKauSyvmZT+idobQOgYYT8Fh2CDIiyYjSnd
7agj6n/tDBng6p1mGn9CTstoRUt/gpOWvqmBoCmsUhE/63Dy5eLQ88tYMdZXmt1A
ncmhmqYVZJpzfOLSgllJ
=Nfz5
-----END PGP SIGNATURE-----

--- End Message ---
__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Reply via email to