Your message dated Mon, 22 Jun 2015 06:05:34 +0000
with message-id <e1z6uro-0005bh...@franck.debian.org>
and subject line Bug#787316: fixed in jackrabbit 2.10.1-1
has caused the Debian Bug report #787316,
regarding CVE-2015-1833
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
787316: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787316
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: jackrabbit
Severity: grave
Tags: security

Hi,
please see https://issues.apache.org/jira/browse/JCR-3883

Cheers,
        Moritz

--- End Message ---
--- Begin Message ---
Source: jackrabbit
Source-Version: 2.10.1-1

We believe that the bug you reported is fixed in the latest version of
jackrabbit, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 787...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Koschany <a...@gambaru.de> (supplier of updated jackrabbit package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 21 Jun 2015 18:35:47 +0200
Source: jackrabbit
Binary: libjackrabbit-java
Architecture: source all
Version: 2.10.1-1
Distribution: unstable
Urgency: high
Maintainer: Debian Java Maintainers 
<pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <a...@gambaru.de>
Description:
 libjackrabbit-java - content repository implementation (JCR API)
Closes: 787316
Changes:
 jackrabbit (2.10.1-1) unstable; urgency=high
 .
   * Team upload.
   * Imported Upstream version 2.10.1.
     - Fix CVE-2015-1833 (Closes: #787316)
       When processing a WebDAV request body containing XML, the XML parser can
       be instructed to read content from network resources accessible to the
       host, identified by URI schemes such as "http(s)" or "file". Depending on
       the WebDAV request, this can not only be used to trigger internal network
       requests, but might also be used to insert said content into the request,
       potentially exposing it to the attacker and others.
   * Update watch file and track upstream's stable releases.
   * Update get-orig-source-target. Download the current version.
   * Drop orig-tar.sh script. We use upstream's tarballs now.
   * Repack the orig tarball. Change compression from zip to tar.xz.
   * Remove maven.publishedRules. It is not needed.
   * Use compat level 9 and require debhelper >= 9.
   * Declare compliance with Debian Policy 3.9.6.
   * Use canonical Vcs fields.
   * wrap-and-sort -sa.
   * Drop modules.diff because we disable all modules except webdav in
     libjackrabbit.poms already.
   * Fix Format field. Add myself to debian/ copyright holders.
   * Use Files-Excluded mechanism to remove binary files.
   * Fix lintian warnings dep5-copyright-license-name-not-unique
     and comma-separated-files-in-dep5-copyright.
   * Drop build-classpath and fix Lintian warning about missing classpath for
     dependencies.
   * Use maven-debian-helper and Maven as build system. Drop all ant
     build-dependencies.
   * Add libmaven-bundle-plugin-java to Build-Depends.
   * Add maven.properties file and drop build.properties.
   * Drop maven.cleanIgnoreRules. It is unused.
Checksums-Sha1:
 51814d37c376b861660cacc78ab8ca9f2ef21a3b 2098 jackrabbit_2.10.1-1.dsc
 c7ff40a1be7954e4edd4c6c6d2f805c69f61943e 3345264 jackrabbit_2.10.1.orig.tar.xz
 f29153a246346535a7d6b09e905cea8a3783c2ad 6096 jackrabbit_2.10.1-1.debian.tar.xz
 2508d902131e816ed4d67a072b005a1d35ccc582 289970 
libjackrabbit-java_2.10.1-1_all.deb
Checksums-Sha256:
 cb4ca30547ac3f3df640b84b33d8858bfc7a2aaad4f41edf06d8e18870f247f9 2098 
jackrabbit_2.10.1-1.dsc
 3a34deacd79091f5c9ab4706b857c299adade711e8ab8b9d4d0db0ff226bc222 3345264 
jackrabbit_2.10.1.orig.tar.xz
 1e6b08d5d3de258dca0abe2876507bb32d917e7e9cbe7ce853ef615fa58999f4 6096 
jackrabbit_2.10.1-1.debian.tar.xz
 7444cf4782897faf61f3fe907836daae28bd2bce3417c26695148131b07f26ca 289970 
libjackrabbit-java_2.10.1-1_all.deb
Files:
 37ff8fcfd6d4bfccc4946af52a98780a 2098 java optional jackrabbit_2.10.1-1.dsc
 302af20c7e8ab2be429dddff92f062ed 3345264 java optional 
jackrabbit_2.10.1.orig.tar.xz
 fda82fd4a6b4c7e4ca1cb55113bd6df4 6096 java optional 
jackrabbit_2.10.1-1.debian.tar.xz
 9f4f2e8a2452fe645144cd255ef9d778 289970 java optional 
libjackrabbit-java_2.10.1-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJVh6M/AAoJECHSBYmXSz6WOK0P/jG+Cmf5MwFooSBpfyLsqSaQ
06aw4WhDz2egRAp07fV6ypw6SvC7ftYmSo90/RnZ9bCwwVehpQC7OREW8GoQIgw9
+zegHS1AyVJkLSqbUyUJadSuyKQO0MfJCTRZhQwG4bVul1qSzUYb0XwOWcSU00jk
dvR6QbmB1Of4DFT3HCrklhnHe+i6P/vP9ouFhvx8Do3zNJPjGQBR52CxQ6LIlDUP
zdb/5r0NZbBnUQWnA2opdSCziuKhmmfEO/M2DzazoPExujDMvEgpbQBcHnzT3RXp
hXOVu2JEnAjdTJN4tUbaOqUrPimjS4BDyDfHJ8LnENuCzwLzEXEyYxW4zSwaHV2E
dj0hbHEr11iHWBPd6Mnt5sCIF1SixGGLyEGWwH+3whWjCUrsC3AR8rY4+gxp5tZJ
2oO9pViOfWEVUBpWWkpRKHWuCMUBntg8HEJVYwfBBKY3xvna6FA4nacgJCBvAaur
BaA4nt9+IXg3FXHej4qH61zKbmxxBechTfFWurhu6QEH9HP5AybtIwagVike32/N
K1ys4lcUKjz23c5+zl5ERdJ/qPzH86Q0uHCsWZD/rw7CRLVLXvYsmLRWAALHiXNk
7IDDhfg/COdHTIfKM0kAcacnAbgUoWtmnma0do9VFxIITqdikj6xN7aNFYnRIaw9
/emVZl9FeGGw+hGV0f1k
=nAel
-----END PGP SIGNATURE-----

--- End Message ---
__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Reply via email to