Your message dated Sat, 07 May 2016 21:52:01 +0000
with message-id <e1aza8n-0007gw...@franck.debian.org>
and subject line Bug#823703: fixed in jackson-dataformat-xml 2.7.4-1
has caused the Debian Bug report #823703,
regarding CVE-2016-3720
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
823703: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823703
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: jackson-dataformat-xml
Severity: grave
Tags: security

jackson-dataformat-xml is susceptible to XXE attacks, this was
assigned CVE-2016-3720. Fix is here:
https://github.com/FasterXML/jackson-dataformat-xml/commit/f0f19a4c924d9db9a1e2830434061c8640092cc0

Cheers,
        Moritz

--- End Message ---
--- Begin Message ---
Source: jackson-dataformat-xml
Source-Version: 2.7.4-1

We believe that the bug you reported is fixed in the latest version of
jackson-dataformat-xml, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 823...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Emmanuel Bourg <ebo...@apache.org> (supplier of updated jackson-dataformat-xml 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 07 May 2016 23:38:14 +0200
Source: jackson-dataformat-xml
Binary: libjackson2-dataformat-xml-java libjackson2-dataformat-xml-java-doc
Architecture: source all
Version: 2.7.4-1
Distribution: unstable
Urgency: high
Maintainer: Debian Java Maintainers 
<pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Emmanuel Bourg <ebo...@apache.org>
Description:
 libjackson2-dataformat-xml-java - fast and powerful JSON library for Java -- 
XML dataformat
 libjackson2-dataformat-xml-java-doc - Documentation for Jackson-dataformat-XML
Closes: 823703
Changes:
 jackson-dataformat-xml (2.7.4-1) unstable; urgency=high
 .
   * Team upload.
   * New upstream release
     - Fixes CVE-2016-3720: XXE vulnerability in XmlMapper (Closes: #823703)
Checksums-Sha1:
 80a5baa2f8e2fe0b4601869b977f35412a5841e5 2589 
jackson-dataformat-xml_2.7.4-1.dsc
 eb7c33df978d3851d0beec885d0d93d637e9743b 77512 
jackson-dataformat-xml_2.7.4.orig.tar.xz
 2319a3b5e21ef4dff9f9c33878076bef78fd362d 4300 
jackson-dataformat-xml_2.7.4-1.debian.tar.xz
 b7693623bf186e12797fe2e9d463c13db783da6e 88738 
libjackson2-dataformat-xml-java-doc_2.7.4-1_all.deb
 6feee9eb66c69d76b12a1db0fb546de9fb5eff22 90406 
libjackson2-dataformat-xml-java_2.7.4-1_all.deb
Checksums-Sha256:
 4d4d19c6eb65a2930f8a6d526af6ef75bee7b26f216b8adc75269081af1e8514 2589 
jackson-dataformat-xml_2.7.4-1.dsc
 93129a57eb13bcae5f07d778f26db61094c24155ae857fc6c6b12c1d04532ff6 77512 
jackson-dataformat-xml_2.7.4.orig.tar.xz
 1cb3f996fa8d4c5d26284e1898feed2368a4098a0a5cbb542e4c0cb30a3c14d5 4300 
jackson-dataformat-xml_2.7.4-1.debian.tar.xz
 f0272c9befd757b627eaae51a3f81f02ac7b2062c4d6016751d231d727d1ac32 88738 
libjackson2-dataformat-xml-java-doc_2.7.4-1_all.deb
 241dafa71d8dbce6495f7f13ea364679ee38c7ba46ce1bdd4c9f728cc18befb5 90406 
libjackson2-dataformat-xml-java_2.7.4-1_all.deb
Files:
 a080fbaeb78eef49e824bdd18d22b8b5 2589 java optional 
jackson-dataformat-xml_2.7.4-1.dsc
 68db98268a525dc8406bfd1541deca33 77512 java optional 
jackson-dataformat-xml_2.7.4.orig.tar.xz
 9c4a81c56bb7b098bff4335b41aff859 4300 java optional 
jackson-dataformat-xml_2.7.4-1.debian.tar.xz
 25b3df4a9161c76be47b081ca8277a21 88738 doc optional 
libjackson2-dataformat-xml-java-doc_2.7.4-1_all.deb
 17e00026bfe7a19d526b2de90a1b1ea1 90406 java optional 
libjackson2-dataformat-xml-java_2.7.4-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJXLmDZAAoJEPUTxBnkudCs4rsP/iagEOfD+mf0if35h5UmYw1P
wOr0KgvAma3L8uifvi1qMtW5I/4kG579t/cKTsCbbTo9KZOaeCXdjCWCNNzCEA0c
H5lyi+nPyrotGd121Gje713b1UWJ6zTlylygfQ4b5awOyoz7kVyC4E6H1ItecTpZ
xP6QTGunAjkTY2/OOzK0uhn1/gPnbyeM2N7Vaw8MhNA26KuXh8PJC9rLsLYmtv75
9td176mB0+C1Two+dpuhAlIqve0uhD8FTUkZV8eIHoYNC3XniDCpkSKHcsKjEU7y
Klmt+nocMS33gE/DUh0iPuFT+re4bFqphFYhLkrr8IeHbPEtquTHrjA3isEaw/oz
n0+glOcN4yFXnsABLVk7NrL86lSGxNxXlBu0qPOqH6WDi+FlSzLhEhykNd+WeLRY
gV/S/OPlipiqQDY0EyTouT9lA3z7eQFDkZ90xH/u8lw3NHzZO1j7O68k8UBl7V7f
Yms80h5mCZBMaRkqqR9/Y0p9RUsvlHFACxo0XwawJpyn05wGb0xqc9A5ko9qM7Wp
MYiXFaZW0C7pnqtK/XUCrVMllC6oqOrabuH1LTfMc3V6L4cFSHSnHZFhwrDwKwNS
XGzj1jzbT1kt+q2hKfa8Q6mODp2uecn6pxyeMCG0K6ldrDgF+2mBp4/wiNHFOdbm
eQV8o82cAY+xmGOkGLwa
=01XI
-----END PGP SIGNATURE-----

--- End Message ---
__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Reply via email to