Your message dated Thu, 02 Apr 2015 22:19:08 +0000
with message-id <e1ydns8-0003ih...@franck.debian.org>
and subject line Bug#780102: fixed in libjbcrypt-java 0.4-1
has caused the Debian Bug report #780102,
regarding libjbcrypt-java: CVE-2015-0886
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
780102: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780102
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libjbcrypt-java
Severity: grave
Tags: security
Justification: user security hole

Hi,
please see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0886
http://www.mindrot.org/projects/jBCrypt/news/rel04.html
https://bugzilla.mindrot.org/show_bug.cgi?id=2097

Cheers,
         Moritz

--- End Message ---
--- Begin Message ---
Source: libjbcrypt-java
Source-Version: 0.4-1

We believe that the bug you reported is fixed in the latest version of
libjbcrypt-java, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 780...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Emmanuel Bourg <ebo...@apache.org> (supplier of updated libjbcrypt-java package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 02 Apr 2015 23:47:58 +0200
Source: libjbcrypt-java
Binary: libjbcrypt-java
Architecture: source all
Version: 0.4-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Java Maintainers 
<pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Emmanuel Bourg <ebo...@apache.org>
Description:
 libjbcrypt-java - Java implementation of OpenBSD's Blowfish hashing
Closes: 780102
Changes:
 libjbcrypt-java (0.4-1) experimental; urgency=medium
 .
   * Team upload.
   * New upstream release
     - Fixes CVE-2015-0886 (Closes: #780102)
     - Added a build dependency on ant
   * Removed the javadoc from libjbcrypt-java
   * Renamed the jar installed in /usr/share/java to jbcrypt.jar
   * Standards-Version updated to 3.9.6 (no changes)
   * Use canonical URLs for the Vcs-* fields
   * Switch to debhelper level 9
Checksums-Sha1:
 7e7901c0374ac2517ef954d8beed375ea4431d62 2031 libjbcrypt-java_0.4-1.dsc
 80a9945192d30c379807736e842acfec649e02ee 15167 libjbcrypt-java_0.4.orig.tar.gz
 3a304184aa5ac5a497b89db1a4735c3eb18a04b1 3792 
libjbcrypt-java_0.4-1.debian.tar.xz
 91fe5dfa474f762df1a9f18f1be395928db6f45a 17202 libjbcrypt-java_0.4-1_all.deb
Checksums-Sha256:
 0e950424c553e035019d7aee813ce231657e75dfd6060e180f1bffde953cd8dc 2031 
libjbcrypt-java_0.4-1.dsc
 1c20d5b1d179fb63d9a4eb295f70c96e29cdbdb6173150838540210210623053 15167 
libjbcrypt-java_0.4.orig.tar.gz
 b6e65afc5519a640cf35dbe17fd860216bc125c5fe3b90412dbf74b5cc34997c 3792 
libjbcrypt-java_0.4-1.debian.tar.xz
 c4d544637ef276c55593cf1e8a1517909485cf0b0a339bd86e9ea321f47252f2 17202 
libjbcrypt-java_0.4-1_all.deb
Files:
 2a4fbaa93f974c1b376489c31a1f9c9b 2031 java optional libjbcrypt-java_0.4-1.dsc
 8d059246e055a0ea9bcbf0463e439f3d 15167 java optional 
libjbcrypt-java_0.4.orig.tar.gz
 86df0aa0898fa2c93dc76886b50c13ad 3792 java optional 
libjbcrypt-java_0.4-1.debian.tar.xz
 1901c35083956d4446ac6bd3ed74ea42 17202 java optional 
libjbcrypt-java_0.4-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJVHbniAAoJEPUTxBnkudCsL04P/Agzg0KjUqzsdBR00YJTQO/D
xhzlfUwZOZFf2rEMHL88gurvzKsqIYXd08sr3wbM8uz07nexdYcEeStoQxwNwZD/
1hFwIX2sFua0eoVpdyuABAuPUQz347hxAvdNzbagROwOVqrwf7aUj+cSS261hhDa
QT+pCWfn7MEnoXHN2Ye9s7jBvGQk7eIoPwh7WQ4qJoELTHBCsOumecA80UEua76e
cP7fsmU6qzwfl49w8lombV2MZ1O2s06rt5R4/kZm/Tv7GaC/Jmeuizi71NgQ9J06
sYqbf8oATftA2yivyo3T/VN4szbshlSs6+arsK6MAbx9yo26SOMNYnhmoBCdx3jE
+iAFKmSZE7tKhzxORmyJGkIkSl1B4QpLpDNhxNncopxdV8JmdrgSjQZHlNi05lgh
ZeyG0e9e3c1IUwVyGAmABx435pMHjywPswn5b2ODjA9jc48RyMNrBeyaZy87wV5H
gzaKuwd/J9xGEtaZwA3AghW+tHJ2CEdhsdMWhJVuhQKn7Yjwxm164tA53sYtwae6
/6yHDRkXO3BpBOyL+ILHAdu8qLiDBRlRJJJEQvB5tYDn8iO2xzXfXNuLDqhqatcj
J1rKyTrL7xqd1Jtp8GbKkWVXQS5DlZNr05yVr7Qz6DrW+FyYXIGMIYUQJ0H4meKD
eHe772hgbrn7fchsRaoA
=vQmd
-----END PGP SIGNATURE-----

--- End Message ---
__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Reply via email to