Your message dated Wed, 13 Sep 2017 21:24:01 +0000 with message-id <e1dsf8b-000baj...@fasolo.debian.org> and subject line Bug#777079: fixed in jython 2.7.1+repack-1 has caused the Debian Bug report #777079, regarding jython: CVE-2013-2027 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 777079: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777079 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: jython Version: 2.5.2-1 Severity: important Tags: security upstream Hi Several issues were mentioned in Red Hat Bugzilla at [0] referencing the issue which creates executables class files with wrong permissions with CVE-2013-2027. At least it seems present in the Debian package that the package writes to /usr/share. In the SuSE bugzilla[1] there are some links to fixes applied in SuSE[2]. Could you please double-check the jython package in Debian? [0] https://bugzilla.redhat.com/show_bug.cgi?id=947949 [1] https://bugzilla.novell.com/show_bug.cgi?id=916224 [2] https://build.opensuse.org/request/show/284056 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: jython Source-Version: 2.7.1+repack-1 We believe that the bug you reported is fixed in the latest version of jython, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 777...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Gilles Filippini <p...@debian.org> (supplier of updated jython package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 13 Sep 2017 21:56:24 +0200 Source: jython Binary: jython jython-doc Architecture: source Version: 2.7.1+repack-1 Distribution: experimental Urgency: medium Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Gilles Filippini <p...@debian.org> Description: jython - Python seamlessly integrated with Java jython-doc - Jython documentation including API docs Closes: 777079 800856 827280 Changes: jython (2.7.1+repack-1) experimental; urgency=medium . * New upstream release (closes: #827280, #800856, #777079) * Fix debian/watch to repack without extlibs * Update debian/copyright * Drop patches: - 02-jnr_refactoring.patch (fixed upstream) - CVE-2016-4000.patch (fixed upstream) * New patch 05-no-com.carrotsearch.sizeof.patch dropping the new jython modified version of getsizeof because of missing package java-sizeof in Debian * Update patches: - 01-build.patch - 03-default-cachedir.patch - 04-runtime-classpath.patch * Fix dependencies and run-time classpath Checksums-Sha1: 1cb5fff3f7e6a8775f172fc38a5d9da8a4e16552 2111 jython_2.7.1+repack-1.dsc 5f5d03e973b4fda5e042f0442098ef3b9e939f86 14181609 jython_2.7.1+repack.orig.tar.gz 25f7bb1ec4595dcfb027161a5a3be01ee228ec92 20184 jython_2.7.1+repack-1.debian.tar.xz 41c1e34213b59696518bed0481b30469e08807da 6716 jython_2.7.1+repack-1_source.buildinfo Checksums-Sha256: 62891869d1e128fbac40a8b2fe5cd0a682b59a4ff93517655429913855eeb370 2111 jython_2.7.1+repack-1.dsc 4ce7da3fd855e2f2ae7304944956d813dd868c24fb8ba26066fb2eefbde7998e 14181609 jython_2.7.1+repack.orig.tar.gz 736538cf6651efcbfb151988b503b48e770cd8584098eaf7fc59050d9d61b736 20184 jython_2.7.1+repack-1.debian.tar.xz 2730f9c0cf073ec5bf8302809cf7929d245d7de02cd119317c643c2b1e3f0903 6716 jython_2.7.1+repack-1_source.buildinfo Files: 9e38f796b5d35d7ace8e535ce4164cb8 2111 python optional jython_2.7.1+repack-1.dsc 8bceaba122a5bbb615739816f1ddca3e 14181609 python optional jython_2.7.1+repack.orig.tar.gz 189fd5031941e34d644ece69c7e58229 20184 python optional jython_2.7.1+repack-1.debian.tar.xz 39af41d25b29a4451c4c30fae9ce4b32 6716 python optional jython_2.7.1+repack-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQFEBAEBCAAuFiEEoJObzArDE05WtIyR7+hsbH/+z4MFAlm5lQIQHHBpbmlAZGVi aWFuLm9yZwAKCRDv6Gxsf/7Pg5NRB/9dw2RCOe2jmIRMDDvhP+CEbO35fnIO/a5g l309NNTJG3TOX75a9xqxhmIQ503kISEQAEUhZRssn4JZPDs681VjSKROivTDoNgO DxzT4pFix8tRJ6Js0XbDMBqwV+CLDfMr/29WsD6tL5WsFKkzhekueBvOkTev56rC Od6raaQQEHM2gzmuG7OXvGQ5mnf0+4giBh1tXENXMUQKNJDoKbLcjPQLjK9ZufrN LOWabuxlal3LnPdfT7yRvoj03HPtRhRHa3IovehU7KLPA15gUWqdNnbWcLmfJrRr xSAxfPumqrxhDFHV5TCjFu6n76TxZ/CeLVCz2PI9ijF1P02WnzJb =e8ts -----END PGP SIGNATURE-----
--- End Message ---
__ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
