Your message dated Sun, 11 Dec 2016 18:03:51 +0000
with message-id <e1cg8tx-0005dl...@fasolo.debian.org>
and subject line Bug#777079: fixed in jython 2.7.0+repack-1
has caused the Debian Bug report #777079,
regarding jython: CVE-2013-2027
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
777079: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777079
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: jython
Version: 2.5.2-1
Severity: important
Tags: security upstream

Hi

Several issues were mentioned in Red Hat Bugzilla at [0] referencing
the issue which creates executables class files with wrong permissions
with CVE-2013-2027.

At least it seems present in the Debian package that the package
writes to /usr/share. In the SuSE bugzilla[1] there are some links to
fixes applied in SuSE[2].

Could you please double-check the jython package in Debian?

 [0] https://bugzilla.redhat.com/show_bug.cgi?id=947949
 [1] https://bugzilla.novell.com/show_bug.cgi?id=916224
 [2] https://build.opensuse.org/request/show/284056

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: jython
Source-Version: 2.7.0+repack-1

We believe that the bug you reported is fixed in the latest version of
jython, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 777...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Gilles Filippini <p...@debian.org> (supplier of updated jython package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 11 Dec 2016 17:59:27 +0100
Source: jython
Binary: jython jython-doc
Architecture: source
Version: 2.7.0+repack-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Java Maintainers 
<pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Gilles Filippini <p...@debian.org>
Description:
 jython     - Python seamlessly integrated with Java
 jython-doc - Jython documentation including API docs
Closes: 777079 800856 827280
Changes:
 jython (2.7.0+repack-1) experimental; urgency=medium
 .
   * New upstream release (closes: #827280, #800856, #777079)
   * Fix debian/watch to repack without extlibs
   * Update debian/copyright
   * Drop patch 02-jnr_refactoring.patch
   * New patch 02-no-class-in-root-package.patch to avoid bnd failure
     when generating OSGi metadata
   * Update patches:
     - 01-build.patch
     - 03-default-cachedir.patch
   * Update dependencies
Checksums-Sha1:
 01d969202be42a801f2243b4fa877cad7e32269c 2101 jython_2.7.0+repack-1.dsc
 4ff5a84e1f336e5986708b0f01fa75c5e07d500f 13737430 
jython_2.7.0+repack.orig.tar.gz
 18bef4619108c5e423f54823dbbabd3f7bb0ceb6 18576 
jython_2.7.0+repack-1.debian.tar.xz
Checksums-Sha256:
 1ae4f7c339d64f77a660f9497507a3342bdf11c135a7155fe316d944b9ae6a2d 2101 
jython_2.7.0+repack-1.dsc
 98753a09449f8f28a86a58be4dfe0af82d6c5ce43f4c82345fa52a5d591709aa 13737430 
jython_2.7.0+repack.orig.tar.gz
 5d9c471d361396634186eca905b626b5cad7d4b2883bae236012a5841be46315 18576 
jython_2.7.0+repack-1.debian.tar.xz
Files:
 5c42aee78ee04dbe487fb48712423335 2101 python optional jython_2.7.0+repack-1.dsc
 cf4b7fa6af93f0e8e864bed1d65ba513 13737430 python optional 
jython_2.7.0+repack.orig.tar.gz
 b8e1fe562300f90eba574fec21e47611 18576 python optional 
jython_2.7.0+repack-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQEtBAEBCAAXBQJYTZIKEBxwaW5pQGRlYmlhbi5vcmcACgkQ7+hsbH/+z4NE2gf+
Omrxz4pEabYHp1LchTHEa+si2VcuS/to9/jhdQU2vFS9Q8iSTMClfZZdxEIUAo7z
ex5cKngofNa735GOFjJttBqhdeP5guohTavdLJJQ3TSJteQaE/8IPAD/vuQPdpZa
sCKn+dv/AZVWQQlKxGQ4KRFp8S7/WKvcNiYjGrUN8QzXWQs5KwDwsBOmOyQrwC+V
Q6gl1LTTI2xXuAeltIcB2iKFyJDK3d2OU92QnoYc2wdnSF7l24jLfamEoco88xHJ
0OZpMPCNwj8zFj+Cxm3Zr/WV1KUzbTnFo4NinvGf7HcwbuaxDQvhYn7tG8xNhisY
f/NuXG+uktHpZ1z9clpLqA==
=oclJ
-----END PGP SIGNATURE-----

--- End Message ---
__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Reply via email to