Bug#657281: src/java/org/apache/fop/pdf/ sRGB Color Space Profile.icm is non-free

[Stuart Prescott]

Hi!

This file seems to have been copied into quite a few different source trees. 
See 
#699301, #699304, #699305 and #699306. A relicensing solution from HP would 
be fantastic about now in the wheezy release cycle.

Looking through source packages, with an sRGB*icm file in them, the following 
source packages have an sRGB*icm file that has a different md5sum to the 
offending file for these bugs:

argyll
calligra
dispcalgui
rawtherapee

I have not looked at how these icm files are licensed, where they have come 
from or whether they would be suitable as a dfsg-free replacement for sRGB 
Color Space Profile.icm. Perhaps someone who knows more than me about colour 
management and icm can do so...

cheers
Stuart

-- 
Stuart Prescotthttp://www.nanonanonano.net/   stu...@nanonanonano.net
Debian Developer   http://www.debian.org/ stu...@debian.org
GPG fingerprintBE65 FD1E F4EA 08F3 23D4 3C6D 9FE8 B8CD 71C5 D1A8
GPG fingerprint90E2 D2C1 AD14 6A1B 7EBB 891D BBC1 7EBB 1396 F2F7


signature.asc
Description: This is a digitally signed message part.
__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#698974: umlet dependency on libjsyntaxpane-java

[Benjamin Mesing]

Hi,

from my Point of view, there is nothing speaking against a new version
of jsyntaxpane. As far as I understand it, umlet does not need to be
recompiled and will work better with the new version, so please go
ahead.

Best regards

Benjamin

On Fri, 2013-01-25 at 23:00 +0100, Felix Natter wrote:
> hello Benjamin,
> 
> I am working on the freeplane package which depends on
> libjsyntaxpane-java like your package umlet (and I think those two
> packages are the only ones which depend on libjsyntaxpane-java in
> testing). But freeplane needs a more recent version (r156 vs r148), so I
> looked at building umlet with jsyntaxpane-0.95~r156:
> 
> - With the default unstable package (11.3-5, built from source on
>   testing) I do not get colors and italics in the bottom right pane.
> 
> - If I symlink /usr/share/java/jsyntaxpane.jar to
>   jsyntaxpane-0.9.5~r156.jar [1], and restart umlet, then I get colors and
>   italics in the editor pane.
> 
> So it looks like it would be a good idea to use the new jsyntaxpane for
> both umlet and freeplane.
> 
> (I posted here: 
> http://code.google.com/p/umlet/issues/detail?id=120&q=label%3AType-Defect&colspec=ID%20Type%20Status%20Priority%20UMLet%20Owner%20Summary
> but that is no longer relevant because it's a debian issue)
> 
> [1] built from the latest http://jsyntaxpane.googlecode.com/svn/branches/r095/
> using:
> $ 
> $ mvn package
> (I can send you the file for testing if that is easier for you)
> 
> Best Regards,

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#699254: marked as done (libpdfbox-java: FTBFS: cp: missing file operand)

[Debian Bug Tracking System]

Your message dated Tue, 29 Jan 2013 16:18:59 +
with message-id 
and subject line Bug#699254: fixed in libpdfbox-java 1:1.7.0+dfsg-4
has caused the Debian Bug report #699254,
regarding libpdfbox-java: FTBFS: cp: missing file operand
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
699254: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699254
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libpdfbox-java
Version: 1:1.7.0+dfsg-3
Severity: serious
Tags: wheezy sid
User: debian...@lists.debian.org
Usertags: qa-ftbfs-20130129 qa-ftbfs
Justification: FTBFS in wheezy on amd64

Hi,

During a rebuild of all packages in *wheezy*, your package failed to
build on amd64.

Relevant part:
>  debian/rules build
> dh build --buildsystem ant
>dh_testdir -O--buildsystem=ant
>debian/rules override_dh_auto_configure
> make[1]: Entering directory `/«BUILDDIR»/libpdfbox-java-1.7.0+dfsg'
> # replace what we delete in repacking. never used ...
> find /usr/share/fonts/cmap/ -type f | xargs cp -n -t 
> pdfbox/src/main/resources/org/apache/pdfbox/resources/cmap/
> cp: missing file operand
> Try `cp --help' for more information.
> make[1]: *** [override_dh_auto_configure] Error 123

The full build log is available from:
   
http://people.debian.org/~lucas/logs/2013/01/29/libpdfbox-java_1.7.0+dfsg-3_wheezy.log

A list of current common problems and possible solutions is available at 
http://wiki.debian.org/qa.debian.org/FTBFS . You're welcome to contribute!

About the archive rebuild: The rebuild was done on EC2 VM instances from
Amazon Web Services, using a clean, minimal and up-to-date chroot. Every
failed build was retried once to eliminate random failures.
--- End Message ---
--- Begin Message ---
Source: libpdfbox-java
Source-Version: 1:1.7.0+dfsg-4

We believe that the bug you reported is fixed in the latest version of
libpdfbox-java, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 699...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
gregor herrmann  (supplier of updated libpdfbox-java package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Tue, 29 Jan 2013 17:07:45 +0100
Source: libpdfbox-java
Binary: libpdfbox-java libpdfbox-java-doc libjempbox-java libjempbox-java-doc 
libfontbox-java libfontbox-java-doc
Architecture: source all
Version: 1:1.7.0+dfsg-4
Distribution: unstable
Urgency: low
Maintainer: Debian Java Maintainers 

Changed-By: gregor herrmann 
Description: 
 libfontbox-java - Java font library
 libfontbox-java-doc - Java font library (Documentation)
 libjempbox-java - XMP Compatible Java Library
 libjempbox-java-doc - XMP Compatible Java Library (documentation)
 libpdfbox-java - PDF library for Java
 libpdfbox-java-doc - PDF library for Java (documentation)
Closes: 699254
Changes: 
 libpdfbox-java (1:1.7.0+dfsg-4) unstable; urgency=low
 .
   * Fix installation of CMap tables during build:
 - debian/control:
   replace build-dependeny on removed packages cmap-adobe-* and
   gs-cjk-resource with their successor poppler-data.
 - debian/rules:
   adjust path to CMap files accordingly; and guard against future failures
   by using the idiomatic "find -print0 | xargs -r0" construct.
 Thanks to Lucas Nussbaum for the bug report.
 (Closes: #699254)
Checksums-Sha1: 
 14681883e9eef690cbde52883b3c5b6bab5140fb 2545 libpdfbox-java_1.7.0+dfsg-4.dsc
 edb5d6bb82cc1a8f8c6eca717ecc2987cb68267a 8944 
libpdfbox-java_1.7.0+dfsg-4.debian.tar.gz
 f8349f1aac76b4382a593f291c6304b34c19176a 8832652 
libpdfbox-java_1.7.0+dfsg-4_all.deb
 d32e0bcab0d00bb756bb02638b598e20bfaf071f 1369674 
libpdfbox-java-doc_1.7.0+dfsg-4_all.deb
 7e4fdca527b62ac38744c929ea456bc2096075a0 55292 
libjempbox-java_1.7.0+dfsg-4_all.deb
 99a59e783ea6fd187a0ee226f3f1fcc3b15ec006 95240 
libjempbox-java-doc_1.7.0+dfsg-4_all.deb
 bd12970489469d2c37b23916283aacd80dae881a 177988 
libfontbox-java_1.7.0+dfsg-4_all.deb
 4759074c24255e10de71171c7b576332f2088bb5 170966 
libfontbox-java-doc_1.7.0+dfsg-4_all.deb
Checksums-Sha256: 
 cf2bd728cf30375973a6ac037a2992fd78c2d552b68a

libpdfbox-java_1.7.0+dfsg-4_amd64.changes ACCEPTED into unstable

[Debian FTP Masters]

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Tue, 29 Jan 2013 17:07:45 +0100
Source: libpdfbox-java
Binary: libpdfbox-java libpdfbox-java-doc libjempbox-java libjempbox-java-doc 
libfontbox-java libfontbox-java-doc
Architecture: source all
Version: 1:1.7.0+dfsg-4
Distribution: unstable
Urgency: low
Maintainer: Debian Java Maintainers 

Changed-By: gregor herrmann 
Description: 
 libfontbox-java - Java font library
 libfontbox-java-doc - Java font library (Documentation)
 libjempbox-java - XMP Compatible Java Library
 libjempbox-java-doc - XMP Compatible Java Library (documentation)
 libpdfbox-java - PDF library for Java
 libpdfbox-java-doc - PDF library for Java (documentation)
Closes: 699254
Changes: 
 libpdfbox-java (1:1.7.0+dfsg-4) unstable; urgency=low
 .
   * Fix installation of CMap tables during build:
 - debian/control:
   replace build-dependeny on removed packages cmap-adobe-* and
   gs-cjk-resource with their successor poppler-data.
 - debian/rules:
   adjust path to CMap files accordingly; and guard against future failures
   by using the idiomatic "find -print0 | xargs -r0" construct.
 Thanks to Lucas Nussbaum for the bug report.
 (Closes: #699254)
Checksums-Sha1: 
 14681883e9eef690cbde52883b3c5b6bab5140fb 2545 libpdfbox-java_1.7.0+dfsg-4.dsc
 edb5d6bb82cc1a8f8c6eca717ecc2987cb68267a 8944 
libpdfbox-java_1.7.0+dfsg-4.debian.tar.gz
 f8349f1aac76b4382a593f291c6304b34c19176a 8832652 
libpdfbox-java_1.7.0+dfsg-4_all.deb
 d32e0bcab0d00bb756bb02638b598e20bfaf071f 1369674 
libpdfbox-java-doc_1.7.0+dfsg-4_all.deb
 7e4fdca527b62ac38744c929ea456bc2096075a0 55292 
libjempbox-java_1.7.0+dfsg-4_all.deb
 99a59e783ea6fd187a0ee226f3f1fcc3b15ec006 95240 
libjempbox-java-doc_1.7.0+dfsg-4_all.deb
 bd12970489469d2c37b23916283aacd80dae881a 177988 
libfontbox-java_1.7.0+dfsg-4_all.deb
 4759074c24255e10de71171c7b576332f2088bb5 170966 
libfontbox-java-doc_1.7.0+dfsg-4_all.deb
Checksums-Sha256: 
 cf2bd728cf30375973a6ac037a2992fd78c2d552b68a7867492c8453552ec036 2545 
libpdfbox-java_1.7.0+dfsg-4.dsc
 18e26371d6d2761f9fa01b320129872eaa715f9e84f14d483bc5884f8be9cbdd 8944 
libpdfbox-java_1.7.0+dfsg-4.debian.tar.gz
 59f965ecd11fdc5b4a39353c59a5340ff69d3dc7397c91a22f898c158d32a94f 8832652 
libpdfbox-java_1.7.0+dfsg-4_all.deb
 7b8114f7caa36456db616e65e126001a80988107526b0556f0184cd0216e 1369674 
libpdfbox-java-doc_1.7.0+dfsg-4_all.deb
 49cc32ef60877e06257b7f50f9bc1128d4674c16791c25a329adc4d5007efdcb 55292 
libjempbox-java_1.7.0+dfsg-4_all.deb
 424d8a7ea76e97d362b86b2f7887627472af3531e09ad38db381f5391cb769de 95240 
libjempbox-java-doc_1.7.0+dfsg-4_all.deb
 6e7d873649342a3d5ad0429ee368e9decf98b49bfffcf290e62a7ea110c3158b 177988 
libfontbox-java_1.7.0+dfsg-4_all.deb
 6650929c2649adafdc3a0f5198c68352f515ef51986f34363207453f600070c7 170966 
libfontbox-java-doc_1.7.0+dfsg-4_all.deb
Files: 
 8fc7951e467819c413e8b1e4ee4e09bf 2545 java extra 
libpdfbox-java_1.7.0+dfsg-4.dsc
 ec8c7e6e6b36381858bd032863cf5459 8944 java extra 
libpdfbox-java_1.7.0+dfsg-4.debian.tar.gz
 f0398100f2bcd0e249d15259f69f7df4 8832652 java extra 
libpdfbox-java_1.7.0+dfsg-4_all.deb
 2c3f33eda037fb455863e70d288ac470 1369674 doc extra 
libpdfbox-java-doc_1.7.0+dfsg-4_all.deb
 0edcabd472aaf0b54590da95a31af41c 55292 java extra 
libjempbox-java_1.7.0+dfsg-4_all.deb
 7a51fac5996a9c89b635fbc2af6046fd 95240 doc extra 
libjempbox-java-doc_1.7.0+dfsg-4_all.deb
 6099daabce4fb2fc6d23a63493eda1f1 177988 java extra 
libfontbox-java_1.7.0+dfsg-4_all.deb
 d979438143a5686f856d50c3585b3d13 170966 doc extra 
libfontbox-java-doc_1.7.0+dfsg-4_all.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJRB/QfAAoJELs6aAGGSaoGDScP/1dUe4EZtHu1A9HDxx4egnke
P8qMENDUdXd+z8RffWVXrXCrB4zef5zloSegf/1rZ4JwW1He1elZXx3s3Qgr2ud8
PLdx+oBWUOhix+RN4VaRNxOgvqTOifyoyqVr7GqTZ0NnKDN7fxjm2uvKhXjifRNq
aClrNlUNwBDoN3rhXISu8UyLG177Fzk6bc3Qd4CvXilLbwJkSEEC3FYvVgYkD3xq
pRX1ZS6oxfGoZKVm8KvXfLMXA30Un/GKyf7EWhWPWih9Ej5fFnNtudoyoA5HIWdQ
o/N7cDC0nalH6OVN61Fxe6h9rRnxpRD6xcC6IKp8p0wjBHLSlunJjLII2dT83i/I
89oNvfzFS7/ZtA+LtIbEWndgUXN1sCpp3YZuB0wOBrA7laq3qcycf15hx0azyCyr
gL2GSbRVUJLjq6EaRSa8NM4D7TYccwqsSaFa+NxipRi4GcRi6ylooPt9pVeeDTFt
6SuoO9UOcAfIjXUgqrQfsfL5KpMws9I77C6xM0CQzo8FDBVUkpd1cr+dpLkTyItP
L1xyJmYO7IkFdP92lsxE3Ledl9iaqUtfRhBCwwfhYbRndWQ4z+reD1nfpVIx/VTx
iZXlNlWg1E5gkYZY/k6u8ZoyMgX0A+ahFxIx6c+KamisEST5G4qhuxLOxyU55OLG
mq0DVlGfF5NQ9t1Kj9UC
=M0x4
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Processed: tagging 699254

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 699254 + confirmed
Bug #699254 [src:libpdfbox-java] libpdfbox-java: FTBFS: cp: missing file operand
Added tag(s) confirmed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
699254: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699254
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Processing of libpdfbox-java_1.7.0+dfsg-4_amd64.changes

[Debian FTP Masters]

libpdfbox-java_1.7.0+dfsg-4_amd64.changes uploaded successfully to localhost
along with the files:
  libpdfbox-java_1.7.0+dfsg-4.dsc
  libpdfbox-java_1.7.0+dfsg-4.debian.tar.gz
  libpdfbox-java_1.7.0+dfsg-4_all.deb
  libpdfbox-java-doc_1.7.0+dfsg-4_all.deb
  libjempbox-java_1.7.0+dfsg-4_all.deb
  libjempbox-java-doc_1.7.0+dfsg-4_all.deb
  libfontbox-java_1.7.0+dfsg-4_all.deb
  libfontbox-java-doc_1.7.0+dfsg-4_all.deb

Greetings,

Your Debian queue daemon (running on host franck.debian.org)

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#699254: libpdfbox-java: FTBFS: cp: missing file operand

[Lucas Nussbaum]

Source: libpdfbox-java
Version: 1:1.7.0+dfsg-3
Severity: serious
Tags: wheezy sid
User: debian...@lists.debian.org
Usertags: qa-ftbfs-20130129 qa-ftbfs
Justification: FTBFS in wheezy on amd64

Hi,

During a rebuild of all packages in *wheezy*, your package failed to
build on amd64.

Relevant part:
>  debian/rules build
> dh build --buildsystem ant
>dh_testdir -O--buildsystem=ant
>debian/rules override_dh_auto_configure
> make[1]: Entering directory `/«BUILDDIR»/libpdfbox-java-1.7.0+dfsg'
> # replace what we delete in repacking. never used ...
> find /usr/share/fonts/cmap/ -type f | xargs cp -n -t 
> pdfbox/src/main/resources/org/apache/pdfbox/resources/cmap/
> cp: missing file operand
> Try `cp --help' for more information.
> make[1]: *** [override_dh_auto_configure] Error 123

The full build log is available from:
   
http://people.debian.org/~lucas/logs/2013/01/29/libpdfbox-java_1.7.0+dfsg-3_wheezy.log

A list of current common problems and possible solutions is available at 
http://wiki.debian.org/qa.debian.org/FTBFS . You're welcome to contribute!

About the archive rebuild: The rebuild was done on EC2 VM instances from
Amazon Web Services, using a clean, minimal and up-to-date chroot. Every
failed build was retried once to eliminate random failures.

__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#694888: marked as done (ca-certificates-java: early triggered jks-keystore may fail and leave the temporary /etc/java-7-openjdk/jvm-$arch.cfg)

[Debian Bug Tracking System]

Your message dated Tue, 29 Jan 2013 13:47:28 +
with message-id 
and subject line Bug#694888: fixed in ca-certificates-java 20121112+nmu2
has caused the Debian Bug report #694888,
regarding ca-certificates-java: early triggered jks-keystore may fail and leave 
the temporary /etc/java-7-openjdk/jvm-$arch.cfg
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
694888: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694888
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: openjdk-7-jre-headless
Version: 7u9-2.3.3-1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
Control: affects -1 + libjogl2-java

Hi,

during a test with piuparts I noticed your package failed the piuparts
upgrade test because dpkg detected a conffile as being modified and then
prompted the user for an action. As there is no user input, this fails.
But this is not the real problem, the real problem is that this prompt
shows up in the first place, as there was nobody modifying this conffile
at all, the package has just been installed and upgraded...

This is a violation of policy 10.7.3, see
http://www.debian.org/doc/debian-policy/ch-files.html#s10.7.3,
which says "[These scripts handling conffiles] must not ask unnecessary
questions (particularly during upgrades), and must otherwise be good
citizens."

http://wiki.debian.org/DpkgConffileHandling should help with figuring
out how to do this properly.

In http://lists.debian.org/debian-devel/2009/08/msg00675.html and
followups it has been agreed that these bugs are to be filed with
severity serious.

>From the attached log (scroll to the bottom...):

  Setting up openjdk-7-jre-headless:amd64 (7u9-2.3.3-1) ...
  
  Configuration file `/etc/java-7-openjdk/jvm-amd64.cfg'
   ==> File on system created by you or by a script.
   ==> File also in package provided by package maintainer.
 What would you like to do about it ?  Your options are:
  Y or I  : install the package maintainer's version
  N or O  : keep your currently-installed version
D : show the differences between the versions
Z : start a shell to examine the situation
   The default action is to keep your current version.
  *** jvm-amd64.cfg (Y/I/N/O/D/Z) [default=N] ? dpkg: error processing 
openjdk-7-jre-headless:amd64 (--configure):
   EOF on stdin at conffile prompt
  dpkg: dependency problems prevent configuration of openjdk-7-jre-lib:
   openjdk-7-jre-lib depends on openjdk-7-jre-headless (>= 7~b130~pre0); 
however:
Package openjdk-7-jre-headless:amd64 is not configured yet.
  
  dpkg: error processing openjdk-7-jre-lib (--configure):
   dependency problems - leaving unconfigured

This was observed during a install test of libjogl2-java in experimental


cheers,

Andreas


libjogl2-java_2.0-rc11-1~exp2.log.gz
Description: GNU Zip compressed data
--- End Message ---
--- Begin Message ---
Source: ca-certificates-java
Source-Version: 20121112+nmu2

We believe that the bug you reported is fixed in the latest version of
ca-certificates-java, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 694...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Beckmann  (supplier of updated ca-certificates-java 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 27 Jan 2013 14:19:41 +0100
Source: ca-certificates-java
Binary: ca-certificates-java
Architecture: source all
Version: 20121112+nmu2
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Andreas Beckmann 
Description: 
 ca-certificates-java - Common CA certificates (JKS keystore)
Closes: 694888
Changes: 
 ca-certificates-java (20121112+nmu2) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * postinst, jks-keystore.hook: Do not fail if nss.cfg does not (yet) exist,
 i.e. if openjdk-?-jre-headless is unpacked but not yet configured.
 (Closes: #694888)
   * Set urgency to medium for RC bugfix.
Checksums-Sha1: 
 95be531082a4a4a8554db4df6ea78b6ae58a6a20 1893 
ca-certificates-java_20121112+nmu2.dsc
 f93231d759604b26de78f94714f06dfe84ed3923 10981 
ca-certificates-java_2012

Bug#694889: marked as done (ca-certificates-java: early triggered jks-keystore may fail and leave the temporary /etc/java-7-openjdk/jvm-$arch.cfg)

[Debian Bug Tracking System]

Your message dated Tue, 29 Jan 2013 13:47:28 +
with message-id 
and subject line Bug#694888: fixed in ca-certificates-java 20121112+nmu2
has caused the Debian Bug report #694888,
regarding ca-certificates-java: early triggered jks-keystore may fail and leave 
the temporary /etc/java-7-openjdk/jvm-$arch.cfg
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
694888: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694888
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: ca-certificates-java
Version: 20121112+nmu1
Severity: normal
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed some error output, but no
failures, while testing the installation of some java package in
experimental. From the attached log:

  Setting up ca-certificates-java (20121112+nmu1) ...
  sed: can't read /etc/java-7-openjdk/security/nss.cfg: No such file or 
directory
  done.

  Processing triggers for ca-certificates ...
  Updating certificates in /etc/ssl/certs... 159 added, 0 removed; done.
  Running hooks in /etc/ca-certificates/update.d
  sed: can't read /etc/java-7-openjdk/security/nss.cfg: No such file or 
directory
  E: /etc/ca-certificates/update.d/jks-keystore exited with code 2.
  done.

I'm not sure whether this is just noise or a serious error.

cheers,

Andreas


libjogl2-java_2.0-rc11-1~exp2.log.gz
Description: GNU Zip compressed data
--- End Message ---
--- Begin Message ---
Source: ca-certificates-java
Source-Version: 20121112+nmu2

We believe that the bug you reported is fixed in the latest version of
ca-certificates-java, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 694...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Beckmann  (supplier of updated ca-certificates-java 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 27 Jan 2013 14:19:41 +0100
Source: ca-certificates-java
Binary: ca-certificates-java
Architecture: source all
Version: 20121112+nmu2
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Andreas Beckmann 
Description: 
 ca-certificates-java - Common CA certificates (JKS keystore)
Closes: 694888
Changes: 
 ca-certificates-java (20121112+nmu2) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * postinst, jks-keystore.hook: Do not fail if nss.cfg does not (yet) exist,
 i.e. if openjdk-?-jre-headless is unpacked but not yet configured.
 (Closes: #694888)
   * Set urgency to medium for RC bugfix.
Checksums-Sha1: 
 95be531082a4a4a8554db4df6ea78b6ae58a6a20 1893 
ca-certificates-java_20121112+nmu2.dsc
 f93231d759604b26de78f94714f06dfe84ed3923 10981 
ca-certificates-java_20121112+nmu2.tar.gz
 c66559b2e5351c3843b5bee206bed49ff5b099f7 14922 
ca-certificates-java_20121112+nmu2_all.deb
Checksums-Sha256: 
 85c6de9f5fca789292c01885b73b2c18229d56b641d2075f04edd4ed3ca4c392 1893 
ca-certificates-java_20121112+nmu2.dsc
 2665261dd43365bf3238f4d83d9b3a33552f0b6d7a66b06e1247772c85484e0a 10981 
ca-certificates-java_20121112+nmu2.tar.gz
 2b9021a73e184eedf95ad6f72c8eba99bc773351a45e3d4f64c36c41051f 14922 
ca-certificates-java_20121112+nmu2_all.deb
Files: 
 bb4ca7834b6a8410238603b108946c5d 1893 java optional 
ca-certificates-java_20121112+nmu2.dsc
 9562403f0cc9300d29af5b8baa9ddeab 10981 java optional 
ca-certificates-java_20121112+nmu2.tar.gz
 96acfa5e6e0eee9ffdbdefaa0e83d91f 14922 java optional 
ca-certificates-java_20121112+nmu2_all.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJRBStNAAoJEF+zP5NZ6e0IAV0P/1JbdyAU6huhCUVrmXEW6g2M
un/gJy8/YinVuKRH5MCgcnv+FSB5fK9WaJOjuwfT+nRcmv4XJ+eVrhPe02m28rA4
eIbEMvEWeEWCGmgFZB+tOYyQ/ZiBGEngUaJa7X06zSUJON1mMMd29MnGIJT9uZAL
NlJlJHhkBcqGxcA5Andym6CFG7fYxZLVNYI6LMJi4gTOqDtZgOTMlm0ZvqXcwjr9
pNgyHXII7pYNjSZ1o3BVvXMZBGjZfAiYVx/5dgmU3JBq9WUz6CvSfOVtBfilv2Rz
IoO1GxH12iedRjvmTp+m37SlnEQC3NRvYVresyf7YiwJMapyB4lTy2/o1fyuPhbW
grKs5+UmGWEuIo+SIe46COspg8u+YE0BYToKbddlaT8xIlHusxDXaHDYQzAKvrvT
QTSeuOYm70lZe5kRFvN0wZfTKENaMBUXJcWfc9y8R6770NhV4ru2M4Plx9djKQv0
6mct4QzhO3ekmG3zJYxHgqQeuINHE/7rbBnnqfxYpYbx05WqcDBx1h9wD3nHX7BY
pB+WtK+vYHsGMXx4PcU2

ca-certificates-java_20121112+nmu2_amd64.changes ACCEPTED into unstable

[Debian FTP Masters]

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 27 Jan 2013 14:19:41 +0100
Source: ca-certificates-java
Binary: ca-certificates-java
Architecture: source all
Version: 20121112+nmu2
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Andreas Beckmann 
Description: 
 ca-certificates-java - Common CA certificates (JKS keystore)
Closes: 694888
Changes: 
 ca-certificates-java (20121112+nmu2) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * postinst, jks-keystore.hook: Do not fail if nss.cfg does not (yet) exist,
 i.e. if openjdk-?-jre-headless is unpacked but not yet configured.
 (Closes: #694888)
   * Set urgency to medium for RC bugfix.
Checksums-Sha1: 
 95be531082a4a4a8554db4df6ea78b6ae58a6a20 1893 
ca-certificates-java_20121112+nmu2.dsc
 f93231d759604b26de78f94714f06dfe84ed3923 10981 
ca-certificates-java_20121112+nmu2.tar.gz
 c66559b2e5351c3843b5bee206bed49ff5b099f7 14922 
ca-certificates-java_20121112+nmu2_all.deb
Checksums-Sha256: 
 85c6de9f5fca789292c01885b73b2c18229d56b641d2075f04edd4ed3ca4c392 1893 
ca-certificates-java_20121112+nmu2.dsc
 2665261dd43365bf3238f4d83d9b3a33552f0b6d7a66b06e1247772c85484e0a 10981 
ca-certificates-java_20121112+nmu2.tar.gz
 2b9021a73e184eedf95ad6f72c8eba99bc773351a45e3d4f64c36c41051f 14922 
ca-certificates-java_20121112+nmu2_all.deb
Files: 
 bb4ca7834b6a8410238603b108946c5d 1893 java optional 
ca-certificates-java_20121112+nmu2.dsc
 9562403f0cc9300d29af5b8baa9ddeab 10981 java optional 
ca-certificates-java_20121112+nmu2.tar.gz
 96acfa5e6e0eee9ffdbdefaa0e83d91f 14922 java optional 
ca-certificates-java_20121112+nmu2_all.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJRBStNAAoJEF+zP5NZ6e0IAV0P/1JbdyAU6huhCUVrmXEW6g2M
un/gJy8/YinVuKRH5MCgcnv+FSB5fK9WaJOjuwfT+nRcmv4XJ+eVrhPe02m28rA4
eIbEMvEWeEWCGmgFZB+tOYyQ/ZiBGEngUaJa7X06zSUJON1mMMd29MnGIJT9uZAL
NlJlJHhkBcqGxcA5Andym6CFG7fYxZLVNYI6LMJi4gTOqDtZgOTMlm0ZvqXcwjr9
pNgyHXII7pYNjSZ1o3BVvXMZBGjZfAiYVx/5dgmU3JBq9WUz6CvSfOVtBfilv2Rz
IoO1GxH12iedRjvmTp+m37SlnEQC3NRvYVresyf7YiwJMapyB4lTy2/o1fyuPhbW
grKs5+UmGWEuIo+SIe46COspg8u+YE0BYToKbddlaT8xIlHusxDXaHDYQzAKvrvT
QTSeuOYm70lZe5kRFvN0wZfTKENaMBUXJcWfc9y8R6770NhV4ru2M4Plx9djKQv0
6mct4QzhO3ekmG3zJYxHgqQeuINHE/7rbBnnqfxYpYbx05WqcDBx1h9wD3nHX7BY
pB+WtK+vYHsGMXx4PcU2dqjY6vAutUeJ9R899m1+waopxlV12SmX1eA7Cp8IHPxH
luxMobi8MG1LEtjLMXjUkXDUTxY6tRlW7i5cTMUkr1dCYSoHsU5f3tbEb6yi1IPT
uaETjBPQsVS2ZSTilkKu
=0wLQ
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#696816: marked as done (jenkins: Security issues were found in Jenkins core)

[Debian Bug Tracking System]

Your message dated Tue, 29 Jan 2013 13:32:46 +
with message-id 
and subject line Bug#696816: fixed in jenkins 1.447.2+dfsg-3
has caused the Debian Bug report #696816,
regarding jenkins: Security issues were found in Jenkins core
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
696816: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696816
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: jenkins
Version: 1.447.2+dfsg-2
Severity: grave
Tags: security

Dear Maintainer,

The upstream vendor announced a security advisory, that is rated high severity.

See: 
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20


Regards,
Nobuhiro
--- End Message ---
--- Begin Message ---
Source: jenkins
Source-Version: 1.447.2+dfsg-3

We believe that the bug you reported is fixed in the latest version of
jenkins, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 696...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
James Page  (supplier of updated jenkins package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Tue, 29 Jan 2013 12:24:30 +
Source: jenkins
Binary: libjenkins-java libjenkins-plugin-parent-java jenkins-common jenkins 
jenkins-slave jenkins-external-job-monitor jenkins-cli jenkins-tomcat
Architecture: source all
Version: 1.447.2+dfsg-3
Distribution: unstable
Urgency: high
Maintainer: Debian Java Maintainers 

Changed-By: James Page 
Description: 
 jenkins- Continuous Integration and Job Scheduling Server
 jenkins-cli - Jenkins CI Command Line Interface
 jenkins-common - Jenkins common Java components and web application
 jenkins-external-job-monitor - Jenkins CI external job monitoring
 jenkins-slave - Jenkins slave node helper
 jenkins-tomcat - Jenkins CI on Tomcat 6
 libjenkins-java - Jenkins CI core Java libraries
 libjenkins-plugin-parent-java - Jenkins Plugin Parent Maven POM
Closes: 696816
Changes: 
 jenkins (1.447.2+dfsg-3) unstable; urgency=high
 .
   [ Steven McDonald ]
   * Fix multiple security issues in Jenkins core (Closes: #696816):
 - d/p/security/CVE-2012-6073.patch: Cherry-picked a fix from 1.480.1
   release to resolve an open redirect vulnerability.
 - d/p/security/CVE-2012-6074.patch: Cherry-picked a fix from 1.480.1
   release to resolve a cross-site scripting vulnerability.
 - Fixes: CVE-2012-6073, CVE-2012-6074
 .
   [ James Page ]
   * Ensure jenkins-winstone with fix for CVE-2012-6072 is picked up
 during build (Closes: #696816):
 - d/control: Version jenkins-winstone BD (>= 0.9.10-jenkins-37+dfsg-2~)
 - Fixes: CVE-2012-6072
Checksums-Sha1: 
 7580f6052d0b1de8c042187493c7beec46dcfb12 4475 jenkins_1.447.2+dfsg-3.dsc
 0b0f0ce70e0fddf7372cb2f2d80cefeb0a9d6af7 54469 
jenkins_1.447.2+dfsg-3.debian.tar.gz
 908211191a44e6a14ea917fd6a3254caa5a71bae 6658952 
libjenkins-java_1.447.2+dfsg-3_all.deb
 3a974e6e2d3b67f2115d0d49390eaddd06108353 14900 
libjenkins-plugin-parent-java_1.447.2+dfsg-3_all.deb
 37061a2475eb0f1022a867675d2653b5658db426 33063274 
jenkins-common_1.447.2+dfsg-3_all.deb
 d5245dcbbdc9cfb803cd0bca3cf8ce429a54fcb8 19020 jenkins_1.447.2+dfsg-3_all.deb
 749c52c3ac1b8d622c51507d001061ace186defa 18074 
jenkins-slave_1.447.2+dfsg-3_all.deb
 413ec38b0e056dae3556ebced99bef678e8edfb1 6626398 
jenkins-external-job-monitor_1.447.2+dfsg-3_all.deb
 7b1d8e91a2f88beeffb4ffed12093219d4d50ac7 667240 
jenkins-cli_1.447.2+dfsg-3_all.deb
 bb00384db5e82f81f192cee6d5f3f444b931b7a2 15170 
jenkins-tomcat_1.447.2+dfsg-3_all.deb
Checksums-Sha256: 
 6ddb43b9296862b9996c31aae806da0e2632b0b9125609bd51d27d5535c163a5 4475 
jenkins_1.447.2+dfsg-3.dsc
 e6ce4634ea28fd27d6192149c70658a41e56b23d892c9c470b006dfe4941fca9 54469 
jenkins_1.447.2+dfsg-3.debian.tar.gz
 4f91500090aff13f7fb4530e91ccdb608d3eee8521f7c76e94172747615cdb64 6658952 
libjenkins-java_1.447.2+dfsg-3_all.deb
 25e9aa9111f7e5d0515410119d8dfa78cdc54ad32a1854ea7f02c41be819c15b 14900 
libjenkins-plugin-parent-java_1.447.2+dfsg-3_all.deb
 ef124c9521e11d428466ecdb032b00c0f91c3313b823ed8d39f4510ca6c1b616 33063274 
jenkins-common_1.447.2+dfsg-3_all.deb
 8a04a3558a6c9f1a0cd7fe1c745f18a7bf1d98f4e4

jenkins_1.447.2+dfsg-3_amd64.changes ACCEPTED into unstable

[Debian FTP Masters]

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Tue, 29 Jan 2013 12:24:30 +
Source: jenkins
Binary: libjenkins-java libjenkins-plugin-parent-java jenkins-common jenkins 
jenkins-slave jenkins-external-job-monitor jenkins-cli jenkins-tomcat
Architecture: source all
Version: 1.447.2+dfsg-3
Distribution: unstable
Urgency: high
Maintainer: Debian Java Maintainers 

Changed-By: James Page 
Description: 
 jenkins- Continuous Integration and Job Scheduling Server
 jenkins-cli - Jenkins CI Command Line Interface
 jenkins-common - Jenkins common Java components and web application
 jenkins-external-job-monitor - Jenkins CI external job monitoring
 jenkins-slave - Jenkins slave node helper
 jenkins-tomcat - Jenkins CI on Tomcat 6
 libjenkins-java - Jenkins CI core Java libraries
 libjenkins-plugin-parent-java - Jenkins Plugin Parent Maven POM
Closes: 696816
Changes: 
 jenkins (1.447.2+dfsg-3) unstable; urgency=high
 .
   [ Steven McDonald ]
   * Fix multiple security issues in Jenkins core (Closes: #696816):
 - d/p/security/CVE-2012-6073.patch: Cherry-picked a fix from 1.480.1
   release to resolve an open redirect vulnerability.
 - d/p/security/CVE-2012-6074.patch: Cherry-picked a fix from 1.480.1
   release to resolve a cross-site scripting vulnerability.
 - Fixes: CVE-2012-6073, CVE-2012-6074
 .
   [ James Page ]
   * Ensure jenkins-winstone with fix for CVE-2012-6072 is picked up
 during build (Closes: #696816):
 - d/control: Version jenkins-winstone BD (>= 0.9.10-jenkins-37+dfsg-2~)
 - Fixes: CVE-2012-6072
Checksums-Sha1: 
 7580f6052d0b1de8c042187493c7beec46dcfb12 4475 jenkins_1.447.2+dfsg-3.dsc
 0b0f0ce70e0fddf7372cb2f2d80cefeb0a9d6af7 54469 
jenkins_1.447.2+dfsg-3.debian.tar.gz
 908211191a44e6a14ea917fd6a3254caa5a71bae 6658952 
libjenkins-java_1.447.2+dfsg-3_all.deb
 3a974e6e2d3b67f2115d0d49390eaddd06108353 14900 
libjenkins-plugin-parent-java_1.447.2+dfsg-3_all.deb
 37061a2475eb0f1022a867675d2653b5658db426 33063274 
jenkins-common_1.447.2+dfsg-3_all.deb
 d5245dcbbdc9cfb803cd0bca3cf8ce429a54fcb8 19020 jenkins_1.447.2+dfsg-3_all.deb
 749c52c3ac1b8d622c51507d001061ace186defa 18074 
jenkins-slave_1.447.2+dfsg-3_all.deb
 413ec38b0e056dae3556ebced99bef678e8edfb1 6626398 
jenkins-external-job-monitor_1.447.2+dfsg-3_all.deb
 7b1d8e91a2f88beeffb4ffed12093219d4d50ac7 667240 
jenkins-cli_1.447.2+dfsg-3_all.deb
 bb00384db5e82f81f192cee6d5f3f444b931b7a2 15170 
jenkins-tomcat_1.447.2+dfsg-3_all.deb
Checksums-Sha256: 
 6ddb43b9296862b9996c31aae806da0e2632b0b9125609bd51d27d5535c163a5 4475 
jenkins_1.447.2+dfsg-3.dsc
 e6ce4634ea28fd27d6192149c70658a41e56b23d892c9c470b006dfe4941fca9 54469 
jenkins_1.447.2+dfsg-3.debian.tar.gz
 4f91500090aff13f7fb4530e91ccdb608d3eee8521f7c76e94172747615cdb64 6658952 
libjenkins-java_1.447.2+dfsg-3_all.deb
 25e9aa9111f7e5d0515410119d8dfa78cdc54ad32a1854ea7f02c41be819c15b 14900 
libjenkins-plugin-parent-java_1.447.2+dfsg-3_all.deb
 ef124c9521e11d428466ecdb032b00c0f91c3313b823ed8d39f4510ca6c1b616 33063274 
jenkins-common_1.447.2+dfsg-3_all.deb
 8a04a3558a6c9f1a0cd7fe1c745f18a7bf1d98f4e4da9fe727ca72808965b92c 19020 
jenkins_1.447.2+dfsg-3_all.deb
 614c585ee5cbbcb3a2364a6c19617032de2a12748cac355120bb34a094694fdd 18074 
jenkins-slave_1.447.2+dfsg-3_all.deb
 945de4b3f3c2e1258672a97420ec02eb16e9de0607b33e629510f6282a61e16b 6626398 
jenkins-external-job-monitor_1.447.2+dfsg-3_all.deb
 ee97e8668a019ed5831693c8982ee164896a07e61cdb8b1b0fd2441b53abf5d4 667240 
jenkins-cli_1.447.2+dfsg-3_all.deb
 2f38e96b5f0311ae0e682e6be99a6476c1c87e4739c966760c87bce91af9e687 15170 
jenkins-tomcat_1.447.2+dfsg-3_all.deb
Files: 
 3aa1bcba2223e14f0e18b25540a24915 4475 java optional jenkins_1.447.2+dfsg-3.dsc
 91b755829bd3bba318fd4e1ae4aad8e6 54469 java optional 
jenkins_1.447.2+dfsg-3.debian.tar.gz
 24fe7eab2afe044ff6b730625ae902ca 6658952 java optional 
libjenkins-java_1.447.2+dfsg-3_all.deb
 84184f43487b3ff97f3faa1b58bff3f4 14900 java optional 
libjenkins-plugin-parent-java_1.447.2+dfsg-3_all.deb
 7cfab88e41805f0c990e8be8388724c3 33063274 java optional 
jenkins-common_1.447.2+dfsg-3_all.deb
 23fc82bfab611810ef92bcd4fe61aea8 19020 java optional 
jenkins_1.447.2+dfsg-3_all.deb
 dee141778396d855688962a5a57f395a 18074 java optional 
jenkins-slave_1.447.2+dfsg-3_all.deb
 b4cc7f614c013a88a6087c82be120cef 6626398 java optional 
jenkins-external-job-monitor_1.447.2+dfsg-3_all.deb
 41eeaee296a5f3709737d3f97115f62c 667240 java optional 
jenkins-cli_1.447.2+dfsg-3_all.deb
 b7658fc8d8cff31471c3806678183345 15170 java optional 
jenkins-tomcat_1.447.2+dfsg-3_all.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJRB8e4AAoJEL/srsug59jDmXgQAIPZ/iF/mfJgyuqYxKUnHcZu
3hwFWypej1xGQr4cdNThF1GVlMPM2dgtm55BpNMnD8Z3EVf34DK2B50m4LAjoS2V
QwH8yEwHYk+CcWoWGJ8JXWtUh/lzurnjCFh6X+8249sICN3xqqw3HSQv4Bo+kXEC
VMXSlcNMHc4ZDfNK4pz4U5Qy38CtO0a8sT0CPbzSCSIKAIdlfRVYW9uqWXeBoSff
u3cHhjaxYgRr1mkaRaItoS8dV8EejId4tO4sGjBAsVVk5bQZj/oytqCS7Llo5Vd8
oWLll621WDBxkod

Processing of jenkins_1.447.2+dfsg-3_amd64.changes

[Debian FTP Masters]

jenkins_1.447.2+dfsg-3_amd64.changes uploaded successfully to localhost
along with the files:
  jenkins_1.447.2+dfsg-3.dsc
  jenkins_1.447.2+dfsg-3.debian.tar.gz
  libjenkins-java_1.447.2+dfsg-3_all.deb
  libjenkins-plugin-parent-java_1.447.2+dfsg-3_all.deb
  jenkins-common_1.447.2+dfsg-3_all.deb
  jenkins_1.447.2+dfsg-3_all.deb
  jenkins-slave_1.447.2+dfsg-3_all.deb
  jenkins-external-job-monitor_1.447.2+dfsg-3_all.deb
  jenkins-cli_1.447.2+dfsg-3_all.deb
  jenkins-tomcat_1.447.2+dfsg-3_all.deb

Greetings,

Your Debian queue daemon (running on host franck.debian.org)

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#697617: Reopen jenkins remote execution vulnerability for unstable

[Julien Cristau]

On Tue, Jan 29, 2013 at 12:09:29 +, James Page wrote:

> reopen 697617
> thanks
> 
There's no need to do that, fwiw.  The bts knows if it's fixed in
a certain version then earlier ones are affected...

Cheers,
Julien

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Processed: Mark as fixed in experimental

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> fixed 697617 jenkins/1.480.2+dfsg-1~exp1
Bug #697617 [jenkins] jenkins: CVE-2013-0158: remote code execution 
vulnerability
Marked as fixed in versions jenkins/1.480.2+dfsg-1~exp1.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
697617: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697617
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Processed: Reopen jenkins remote execution vulnerability for unstable

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> reopen 697617
Bug #697617 {Done: James Page } [jenkins] jenkins: 
CVE-2013-0158: remote code execution vulnerability
'reopen' may be inappropriate when a bug has been closed with a version;
all fixed versions will be cleared, and you may need to re-add them.
Bug reopened
No longer marked as fixed in versions jenkins/1.480.2+dfsg-1~exp1.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
697617: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697617
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#696816: jenkins: Security issues were found in Jenkins core

[James Page]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi Steve

On 25/01/13 15:18, Steven McDonald wrote:
> The issue was raised on debian-devel[0] that this bug still
> affects unstable and is causing jenkins to be a candidate for
> removal from wheezy. I have backported the fixes for these issues
> from upstream git; they are attached to this e-mail as separate
> quilt patches for the sake of cleanliness.

Thanks for the patches.

> I have also uploaded a source NMU package[1] to
> mentors.debian.net, which I intend to seek sponsorship for if I
> don't get a reply to this bug report within 72 hours (as the
> deadline given by the Release Team for removal from testing is 31st
> January).

I'll get a new version uploaded to unstable today; note that jenkins
is also effected by another security vulnerability (see [0]) which I
am currently waiting on upstream for a backported fix (its big).

Thanks

James

[0] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697617

- -- 
James Page
Ubuntu Core Developer
Debian Maintainer
james.p...@ubuntu.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBCAAGBQJRB7wfAAoJEL/srsug59jDnX8P/1JftdCtKAeVDocwyoz9vzWZ
TkPurLAds5tU1lfp3adn41BpVnvzkuzDkT09yfYZlupqT8I14DfY0jSyCdCx/IrB
q2D9Rl7if3OQTq5cNgVAAzdg9LLyo9b2Pyj97N1B0zUTjDZTYwSlYE+alj7AuXcq
ahdDxNXCE46ZWfqwD+jpBjo4LRcdk/wL8zodu4rvBNFT6bfYV61yWNcrHg8g0eRm
abQHngL3C/yM6hUKSXWp/nurQmZLa/8gG4V1TV8Oal1JbhHakCyUDtxDMTjupmbU
J4QpN6wAdGndkzx+r85FoM4NqvoWRCUB8RCN4JOWF9zsK2hAVPceCMaf20+zH71j
+Ro42JytCbis9vlJfKkJqQnNaHcx7QL8xAykgSlIRdmDx9AdbGAWB7M5CMMtGJvW
3LXcFvcWHBKltqsvbG4/gwn/BR7bN0tZXQoquzYzjpT9qsiPf9oXt3KhPcFI0NO0
TtEltRdQ3NkT5cEBFVd0Cjz4qrsLIgRehJ0Tn+DK+TaCfXOarwExdqx1KrxwN0oO
IR0OMcW+nsxBI6IBCQkxtJ+MS+KNlQQA79XnYEnu1QyG5uJF6ibiV3+NJ1O3Aa4G
6Cq9ghV1lNwzj12CAoOkIZ+em+U2BZ2aHkC5LNC7gD4cMG78mgB5oQiuX26Lu5nc
8GE5eDO4br+DTV6Qdz3g
=jvHr
-END PGP SIGNATURE-

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.