Your message dated Tue, 21 Jan 2014 21:17:29 +0000 with message-id <e1w5ihn-0001hw...@franck.debian.org> and subject line Bug#720902: fixed in libspring-java 3.0.6.RELEASE-6+deb7u1 has caused the Debian Bug report #720902, regarding libspring-java: CVE-2013-4152 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 720902: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720902 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: libspring-java Severity: grave Tags: security Justification: user security hole Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4152 for details. Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: libspring-java Source-Version: 3.0.6.RELEASE-6+deb7u1 We believe that the bug you reported is fixed in the latest version of libspring-java, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 720...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Markus Koschany <a...@gambaru.de> (supplier of updated libspring-java package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sun, 29 Dec 2013 13:21:19 +0100 Source: libspring-java Binary: libspring-core-java libspring-beans-java libspring-aop-java libspring-context-java libspring-context-support-java libspring-web-java libspring-web-servlet-java libspring-web-struts-java libspring-web-portlet-java libspring-test-java libspring-transaction-java libspring-jdbc-java libspring-jms-java libspring-orm-java libspring-expression-java libspring-oxm-java libspring-instrument-java Architecture: source all Version: 3.0.6.RELEASE-6+deb7u1 Distribution: wheezy-security Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Markus Koschany <a...@gambaru.de> Description: libspring-aop-java - modular Java/J2EE application framework - AOP libspring-beans-java - modular Java/J2EE application framework - Beans libspring-context-java - modular Java/J2EE application framework - Context libspring-context-support-java - modular Java/J2EE application framework - Context Support libspring-core-java - modular Java/J2EE application framework - Core libspring-expression-java - modular Java/J2EE application framework - Expression language libspring-instrument-java - modular Java/J2EE application framework - Instrumentation libspring-jdbc-java - modular Java/J2EE application framework - JDBC tools libspring-jms-java - modular Java/J2EE application framework - JMS tools libspring-orm-java - modular Java/J2EE application framework - ORM tools libspring-oxm-java - modular Java/J2EE application framework - Object/XML Mapping libspring-test-java - modular Java/J2EE application framework - Test helpers libspring-transaction-java - modular Java/J2EE application framework - transaction libspring-web-java - modular Java/J2EE application framework - Web libspring-web-portlet-java - modular Java/J2EE application framework - Portlet MVC libspring-web-servlet-java - modular Java/J2EE application framework - Web Portlet libspring-web-struts-java - modular Java/J2EE application framework - Struts MVC Closes: 720902 Changes: libspring-java (3.0.6.RELEASE-6+deb7u1) wheezy-security; urgency=high . * Team upload. * Fix CVE-2013-4152. - New patch: Add-processExternalEntities-to-JAXB2Marshaller.patch. - Now by default external XML entities are not processed when unmarshalling. Processing of external entities will only be enabled/disabled when the source passed to the unmarshaller is a SAXSource or StreamSource. It has no effect for DOMSource or StAXSource instances. - (Closes: #720902) Checksums-Sha1: 5eb3cb9b3967547e1c91a5188fe60b5c68777147 4567 libspring-java_3.0.6.RELEASE-6+deb7u1.dsc 54681c810cb8d918b54ab430441958a84c6440a9 11192531 libspring-java_3.0.6.RELEASE.orig.tar.gz e9f00f61c780d0029f0f36319d2d7d89e19523a9 19505 libspring-java_3.0.6.RELEASE-6+deb7u1.debian.tar.gz ed262b6393f1dadf65738e00689e86069b2f8e01 364098 libspring-core-java_3.0.6.RELEASE-6+deb7u1_all.deb 9ef33c4b2761903115c632f070d7dd00fda56202 520022 libspring-beans-java_3.0.6.RELEASE-6+deb7u1_all.deb f7f4c79f1abe718d1b57e4c2b8710dbc6c1bcafc 331176 libspring-aop-java_3.0.6.RELEASE-6+deb7u1_all.deb 8814a5471a4292688444b40a018b4d003f69931a 599282 libspring-context-java_3.0.6.RELEASE-6+deb7u1_all.deb c152f1eb506554f3bfc3fd1949256c8b25b6b3da 113508 libspring-context-support-java_3.0.6.RELEASE-6+deb7u1_all.deb 942815c2587812fd206f8a24b3f0bee3a1cef12f 371872 libspring-web-java_3.0.6.RELEASE-6+deb7u1_all.deb fea9171dd5e112b403343581673f53e5a35ca2aa 398860 libspring-web-servlet-java_3.0.6.RELEASE-6+deb7u1_all.deb f3436a33013a243bbce0f13d468e60867533e3fa 51440 libspring-web-struts-java_3.0.6.RELEASE-6+deb7u1_all.deb 44c34d168117273543fb00f656bf7afb078c9dac 180086 libspring-web-portlet-java_3.0.6.RELEASE-6+deb7u1_all.deb a139834d86dd0f4355c608dbe73f332744b96381 204994 libspring-test-java_3.0.6.RELEASE-6+deb7u1_all.deb 9942e4c9f651a019e1d342d2e746fe6c97af57b6 214106 libspring-transaction-java_3.0.6.RELEASE-6+deb7u1_all.deb d614faedd37916e66574f87d799458c5444592a1 358828 libspring-jdbc-java_3.0.6.RELEASE-6+deb7u1_all.deb 889148c9a97dc529e0975cfa315accadfb292c3a 186862 libspring-jms-java_3.0.6.RELEASE-6+deb7u1_all.deb 7ecf4f44de0f5c2409e81ead9f5d144d12085378 317706 libspring-orm-java_3.0.6.RELEASE-6+deb7u1_all.deb 85fcfec606316db10a31f6c58a14bd06a59c6256 176482 libspring-expression-java_3.0.6.RELEASE-6+deb7u1_all.deb 294e24ad0b09a48f3062289baaf43baa1b54f899 77884 libspring-oxm-java_3.0.6.RELEASE-6+deb7u1_all.deb 65da8b54ad30af91ae85b91cb184439866dd4369 29860 libspring-instrument-java_3.0.6.RELEASE-6+deb7u1_all.deb Checksums-Sha256: 483d48115a550f6a75b054269240c2cb110df3bf544a7a7f10163f8081d05d4f 4567 libspring-java_3.0.6.RELEASE-6+deb7u1.dsc 694c3efc4b4b0730c596b90a14a8e14e1a5d5be065f38a35c3e2e86c50dab04f 11192531 libspring-java_3.0.6.RELEASE.orig.tar.gz 03bb2b45eeb4c065091b11ff9f753cd712d1736f61f50ff2c461dde11e4066d5 19505 libspring-java_3.0.6.RELEASE-6+deb7u1.debian.tar.gz 357354b71ba9890d1ed53d00675a322270c034a9cfb1f2d95b5d3877fe21808c 364098 libspring-core-java_3.0.6.RELEASE-6+deb7u1_all.deb 426045199ca5edc82fa548a786a88077a0fd5bf42da194169368636bb8a5ee12 520022 libspring-beans-java_3.0.6.RELEASE-6+deb7u1_all.deb 26ecf6c1c7256bc9003e1f65633a3374e692f285e3aaa2c9a26410d29cc23e0a 331176 libspring-aop-java_3.0.6.RELEASE-6+deb7u1_all.deb 2710cf01459991d524257b7bcac63e4bcc39afffd02a06ace91b315daa8ed4ac 599282 libspring-context-java_3.0.6.RELEASE-6+deb7u1_all.deb b87f807c7a123f347c99b453c56adef832008483e207e574aac265dd0cbbc6d2 113508 libspring-context-support-java_3.0.6.RELEASE-6+deb7u1_all.deb cdb863becc211de9d6c5f1ab2f2743b73ad70cb6b1cd2f300b946ae210d00995 371872 libspring-web-java_3.0.6.RELEASE-6+deb7u1_all.deb b562a533422395f36a021de8cf6835d4d151683556c41d579e7d7ad8b84b03d6 398860 libspring-web-servlet-java_3.0.6.RELEASE-6+deb7u1_all.deb 66dc5253e82d9a44665b58831da597469af50de364a1ca4366acf7ed43c3637c 51440 libspring-web-struts-java_3.0.6.RELEASE-6+deb7u1_all.deb a07aeb433e4b64c9db06a34f77eb809d9bc566c898c1d475d507e4a6e9a6bf28 180086 libspring-web-portlet-java_3.0.6.RELEASE-6+deb7u1_all.deb dd9e04c6d3f734fffab30556d53af9ce871dae99bf47184ea4362794d4d6945e 204994 libspring-test-java_3.0.6.RELEASE-6+deb7u1_all.deb 2b3e87990b7538ad428dfb56b1c97f06c67c0030a6601140c78223868edf23c4 214106 libspring-transaction-java_3.0.6.RELEASE-6+deb7u1_all.deb b6fb13dece46d2d0d486202d24ac4dd763094f63c322affca8bdb516d33951e6 358828 libspring-jdbc-java_3.0.6.RELEASE-6+deb7u1_all.deb 3e6d999d422a95b6bd754e05152a6b72e7ef834ce51974a3ca4923320d79ee7f 186862 libspring-jms-java_3.0.6.RELEASE-6+deb7u1_all.deb fd94c8a15c06ba017b350358b54aacd978f2a83e422304158e84bc9a619890f8 317706 libspring-orm-java_3.0.6.RELEASE-6+deb7u1_all.deb 562f14f95824bb8787f09b82f18e51adb9701e2361e1a3e59601fbd41d81135f 176482 libspring-expression-java_3.0.6.RELEASE-6+deb7u1_all.deb c45cb10624c4dfb6f4ee6a2f988f8a92395245107af89010e8f5f36b399a0e29 77884 libspring-oxm-java_3.0.6.RELEASE-6+deb7u1_all.deb 5592e4816def127e370111d26c65b53742e76376553eb2a6af8b2b1de4ee0280 29860 libspring-instrument-java_3.0.6.RELEASE-6+deb7u1_all.deb Files: df511b8ba286419300e190d1a3e7f29c 4567 java extra libspring-java_3.0.6.RELEASE-6+deb7u1.dsc 94d0061e56d508cb9f935a6602ac5447 11192531 java extra libspring-java_3.0.6.RELEASE.orig.tar.gz 44258137fb5c5be6f182d5b6821aa5dd 19505 java extra libspring-java_3.0.6.RELEASE-6+deb7u1.debian.tar.gz cfb931344395d2bb25a7b0cf34ee9d1c 364098 java extra libspring-core-java_3.0.6.RELEASE-6+deb7u1_all.deb 2c3e7db6141a9cf551ad142f5d0bcf68 520022 java extra libspring-beans-java_3.0.6.RELEASE-6+deb7u1_all.deb 646877c96f44b1a28a50e5fdbe4a5fcd 331176 java extra libspring-aop-java_3.0.6.RELEASE-6+deb7u1_all.deb 7ec778ee1eda704b8523c98df77a969d 599282 java extra libspring-context-java_3.0.6.RELEASE-6+deb7u1_all.deb 72acb3f1ccbc2ee431296f8123decfdf 113508 java extra libspring-context-support-java_3.0.6.RELEASE-6+deb7u1_all.deb cc8a6bc480b073a45fed1e05dcef6801 371872 java extra libspring-web-java_3.0.6.RELEASE-6+deb7u1_all.deb 26d15421430d19c559f008f924733f7c 398860 java extra libspring-web-servlet-java_3.0.6.RELEASE-6+deb7u1_all.deb d1a72ef9a5b96451f3e21f06042ccc8e 51440 java extra libspring-web-struts-java_3.0.6.RELEASE-6+deb7u1_all.deb 33e3d54eb8b25e583378080694d62eec 180086 java extra libspring-web-portlet-java_3.0.6.RELEASE-6+deb7u1_all.deb 4623ee4132caf00ecefdc3578a8f2464 204994 java extra libspring-test-java_3.0.6.RELEASE-6+deb7u1_all.deb 9a7cff44278220b7205a2669fc45de57 214106 java extra libspring-transaction-java_3.0.6.RELEASE-6+deb7u1_all.deb d0ba56977081fdc7a514aedd62aff47e 358828 java extra libspring-jdbc-java_3.0.6.RELEASE-6+deb7u1_all.deb e6b22d5227fb05f74ac366987e553e99 186862 java extra libspring-jms-java_3.0.6.RELEASE-6+deb7u1_all.deb b84bf7bf2643f030d181704a6c17d561 317706 java extra libspring-orm-java_3.0.6.RELEASE-6+deb7u1_all.deb 9ea80ff7644332eb38aee4629e1a59c5 176482 java extra libspring-expression-java_3.0.6.RELEASE-6+deb7u1_all.deb 40ffbd1145969ae79f18e3e81cb6d6f1 77884 java extra libspring-oxm-java_3.0.6.RELEASE-6+deb7u1_all.deb 259e7e87a5da69e06485e46016f19790 29860 java extra libspring-instrument-java_3.0.6.RELEASE-6+deb7u1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBAgAGBQJSwcpmAAoJEI8AS/UHtGj7y3oQAJdf6FeBv0mfs2U9524Guyzs MCF5KfTrLfoXhl84Sar5x/PAPHOiEev1KlZaJOUTpamt/2KW03fTgSUYPhzK2Rhd 0DnWDEmCGIZK9VBFanPJCcR30Uq+eN4yfziQw72wjLItF80yZvPNUyRqOwGKrnEv P2mpNAT4QYXQ9GmAwIQAYK0AeoFg7DZOYIyoowgwAPLmeDak/MFPP0eP6E+1Ba1L cy3JoKuh9rtfLZ4D5XfTwTsYW1byGVTCO9ERb4uts2ubIXhbs3zbhYEP0/GwIssQ H4AQaIQ9UhUX3nrbrmsZcfkdaPO0EGNSqW0p2C5annYE5TwhC9jx1ZeTaofWUxmp WRdiOD3pzLx1at4XExFr8Dp3fWcgZUTwcdhf3BmnucLHPnzgL6IqVido6byhdejO I5j9UhGmAWhWzKMAO06UBDThaarKnBpJTnqp40VvVajSYhNlW81ZSeILzZG3VyRE oK9MH7ssAjdoLAZT2t61fODZTC5KmoGfuSkxYkpBgBD3aep31XQjoguCNBMmKz9i /S0CnFWtERaZyDlbIn4Ele53IdEeOIrrf2zg3vbpKsdyWvQZQWiptab1m/s2EDWp llAcI0dr5TPiLQZrkzjGWPmDJ2/+++PILIPmeU9V7ZnBr7fEUCYrzEveygJHoj2B LOJHb7O2MdaifNdwzV0p =3iBd -----END PGP SIGNATURE-----
--- End Message ---
__ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
