Your message dated Tue, 21 Nov 2017 21:09:34 +0000 with message-id <e1ehfns-0005bz...@fasolo.debian.org> and subject line Bug#851430: fixed in resteasy 3.1.4-1 has caused the Debian Bug report #851430, regarding resteasy: CVE-2016-9606 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 851430: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851430 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: resteasy Severity: important Tags: security There's not a great of information on this one other then this Red Hat bugtracker entry: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9571 Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: resteasy Source-Version: 3.1.4-1 We believe that the bug you reported is fixed in the latest version of resteasy, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 851...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Emmanuel Bourg <ebo...@apache.org> (supplier of updated resteasy package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 21 Nov 2017 21:28:12 +0100 Source: resteasy Binary: libresteasy-java Architecture: source Version: 3.1.4-1 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Emmanuel Bourg <ebo...@apache.org> Description: libresteasy-java - RESTEasy -- Framework for RESTful Web services and Java applicati Closes: 851430 Changes: resteasy (3.1.4-1) unstable; urgency=medium . * Team upload. * New upstream release - Ignore the new security-legacy module - Fixes CVE-2016-9606: Yaml unmarshalling vulnerable to remote code execution (Closes: #851430) * Removed the dependency on glassfish-javaee * Standards-Version updated to 4.1.1 Checksums-Sha1: 1b8b34f2a4c6ae2d9917441413b7430711a3a8cb 2332 resteasy_3.1.4-1.dsc d3add6a32605d2eeed7133c3ff9889fb70c77ce3 5206668 resteasy_3.1.4.orig.tar.xz 3d89a7ed60a467698df1922c1794b29f1268e46c 5864 resteasy_3.1.4-1.debian.tar.xz 47ab7e96a92b990937f78576f561254dba5af2dc 14485 resteasy_3.1.4-1_source.buildinfo Checksums-Sha256: 59d2c9597f349c56be147b93c8c22a176c16cc890cd64841fd70f4fc35a37afc 2332 resteasy_3.1.4-1.dsc 189699de94d9243f4a616524b8746fc0dbc7c4e7de34b7c84ee07485a73903d3 5206668 resteasy_3.1.4.orig.tar.xz ba0a10f22151408cf8b80e06756e497e4b172bdadebe037c72c64e4cd19a148a 5864 resteasy_3.1.4-1.debian.tar.xz 04e78bba1a80fb9298232ab4e1d7f45bd0fe78fbcd82c2d7771fd7d59bdce013 14485 resteasy_3.1.4-1_source.buildinfo Files: 3e899a658cc9ce9f2b00206f07de63f8 2332 java optional resteasy_3.1.4-1.dsc 6bb31693db64a7f120a5d4d62d356888 5206668 java optional resteasy_3.1.4.orig.tar.xz d228703c64ef2193b57c60f36db61985 5864 java optional resteasy_3.1.4-1.debian.tar.xz 0a546b524bbb047c266b2d8b9d5afae3 14485 java optional resteasy_3.1.4-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJGBAEBCgAwFiEEuM5N4hCA3PkD4WxA9RPEGeS50KwFAloUjacSHGVib3VyZ0Bh cGFjaGUub3JnAAoJEPUTxBnkudCsLIQP+gProBcQ/dDre5LePCXxKcZK6o6O5TkL oxNSdaYs5FsBNH7qk8cZ+LIoo9fhjVl/Qy/TZ1lVLwzTD0xprKez00xyka4w0ee5 tkbCEj9FbzWvHZ4dsyQD+8dFDCzvHJLhE+wxwwvd/IMBvLQK8wCInf656uUyMtoA +55DpGG0qFxQTzyT/Swnb+tTRunzc/EZGKQkT16z3fta/yC3xhXe/bE7/U/dKyQO Fi79PsEP9ugDBnW4Z0KSW6T/HKNDIWrMHAN27K2qwwl2sNYuX11BmadBVVF8OvE5 eKcgCA8saB7IbhRo+VJUU15vf/T9yFAf9cudJr1LcOHTf/HTrwQU6g991NEzTAFF XXfOSkOl2tjVcaUIYO5MSQJ8+qv60DikH5dRgUkuyX2gholl8iX/DPtQ+NuKXCFm TKUkSywP/RpplF+GaEQhL1q6x+nov4MAaBr5kMA3116Mlblsp7hSxGzMqySceV4s j00+HN6lRQf+SAOSsXbj7eJNJwJIcw7wIGq+ZYKZdvb6CBIZ0ULWOYSsnXmLXyPi nuNKAaS7j0XrImN1aouJhSCzq6esPQ0pE14XAbDdRgNyxZTBmU96vXhoJEYfL6YQ eDa9Dm8esLiLMf2AoxtnqSlG5CS6jCcZ0Fk5lTef4X1iNy+TwhO/0Wri5zXksbla BJ9SDyxEQX3+ =xA9Z -----END PGP SIGNATURE-----
--- End Message ---
__ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
