Bug#611130: marked as done (CVE-2010-2087)
Your message dated Mon, 31 Mar 2014 16:28:14 +0300 with message-id 20140331132814.ga4...@kludge.henri.nerv.fi and subject line closing has caused the Debian Bug report #611130, regarding CVE-2010-2087 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 611130: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611130 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: mojarra Severity: grave Tags: security http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2087 Please get in touch with upstream, whether this has been addressed. Cheers, Moritz -- System Information: Debian Release: 6.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash ---End Message--- ---BeginMessage--- Closing as wontfix. In case you reopen this bug please add more details about the issue. More information is needed. Also from security tracker Affected feature is fundamentally insecure --- Henri Salo signature.asc Description: Digital signature ---End Message--- __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
Re: svnkit is marked for autoremoval from testing
On Mon, Mar 31, 2014 at 04:40:59AM +, Debian testing autoremoval watch wrote: svnkit 1.7.5+dfsg-2 is marked for autoremoval from testing on 2014-04-29 It is affected by these RC bugs: 735763: svnkit: FTBFS: [javac] /??BUILDDIR??/svnkit-1.7.5+dfsg/svnkit-javahl16/src/main/java/org/apache/subversion/javahl/SVNClient.java:32: error: SVNClient is not abstract and does not override abstract method propertyGet(String,String,Revision,Revision,CollectionString) in ISVNClient Given this notification, I'll take care of this bug. I think the solution to this is to package a new upstream release, however upstream switched SVNKit building process to Gradle. What worries me about this is not SVNKit but current Gradle state in Debian. I would like to improve Gradle, but in my experience the maintenance of that package is not trivial and requires lots and lots of time that I currently don't have. Help with this is more than welcome, of course. -- Miguel Landaeta, nomadium at debian.org secure email with PGP 0x6E608B637D8967E9 available at http://db.debian.org/fetchkey.cgi?fingerprint=4CB7FE1E280ECC90F29A597E6E608B637D8967E9 Faith means not wanting to know what is true. -- Nietzsche signature.asc Description: Digital signature __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#743213: svnkit: Please package 1.8.5 or a newer release
Package: src:svnkit Version: 1.7.5+dfsg-2 Severity: normal As title says. -- System Information: Debian Release: 7.4 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.13-0.bpo.1-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8) Shell: /bin/sh linked to /bin/dash -- Miguel Landaeta, nomadium at debian.org secure email with PGP 0x6E608B637D8967E9 available at http://db.debian.org/fetchkey.cgi?fingerprint=4CB7FE1E280ECC90F29A597E6E608B637D8967E9 Faith means not wanting to know what is true. -- Nietzsche signature.asc Description: Digital signature __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
libcommons-compress-java 1.8-2 MIGRATED to testing
FYI: The status of the libcommons-compress-java source package in Debian's testing distribution has changed. Previous version: 1.8-1 Current version: 1.8-2 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will receive later changes on the next day. See http://release.debian.org/testing-watch/ for more information. __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
libjogl2-java 2.1.5-1 MIGRATED to testing
FYI: The status of the libjogl2-java source package in Debian's testing distribution has changed. Previous version: 2.1.4-1 Current version: 2.1.5-1 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will receive later changes on the next day. See http://release.debian.org/testing-watch/ for more information. __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
java-package 0.54 MIGRATED to testing
FYI: The status of the java-package source package in Debian's testing distribution has changed. Previous version: 0.53 Current version: 0.54 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will receive later changes on the next day. See http://release.debian.org/testing-watch/ for more information. __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
Processed: Re: Bug#743131: FTBFS if default-jdk is gcj-jdk
Processing commands for cont...@bugs.debian.org: tags 743131 + patch jessie sid Bug #743131 [glpk-java] FTBFS if default-jdk is gcj-jdk Added tag(s) sid, jessie, and patch. clone 743131 -1 Bug #743131 [glpk-java] FTBFS if default-jdk is gcj-jdk Bug 743131 cloned as bug 743234 reassign -1 src:eclipse-cdt Bug #743234 [glpk-java] FTBFS if default-jdk is gcj-jdk Bug reassigned from package 'glpk-java' to 'src:eclipse-cdt'. No longer marked as found in versions 1.0.32-1. Ignoring request to alter fixed versions of bug #743234 to the same values previously set found -1 eclipse-cdt/8.3.0-1 Bug #743234 [src:eclipse-cdt] FTBFS if default-jdk is gcj-jdk Marked as found in versions eclipse-cdt/8.3.0-1. thanks Stopping processing here. Please contact me if you need assistance. -- 743131: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=743131 743234: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=743234 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#743234: Bug#743131: FTBFS if default-jdk is gcj-jdk
Am 31.03.2014 19:50, schrieb Steven Chamberlain: tags 743131 + patch jessie sid clone 743131 -1 reassign -1 src:eclipse-cdt found -1 eclipse-cdt/8.3.0-1 thanks Hi, On 31/03/14 17:49, Sébastien Villemot wrote: Therefore, would that be an acceptable course of action for you if I restrict the architecture set of glpk-java to those were the default JDK is openjdk, and then downgrade the present bug to severity important? A better way seems to be: Build-Depends: default-jdk (= 2:1.6) which is satisfied only by arches having openjdk-6 or openjdk-7 as default currently. That way, if kfreebsd (or any other architecture) switches to openjdk as default in the future, your package can be built again without changes. (Although - I'm hoping kfreebsd, along with all release architectures, might be able to use openjdk-7 for jessie, greatly simplifying things and making this change unnecessary). In the meantime, the outdated kfreebsd binaries could be removed by ftpmaster if you'd like the package to migrate. Steven, the kfreebsd port was backported from OpenJDK 8 by Damien. In the past we had to wait for several months for updated kfreebsd patches to get the openjdk-7 built again on these architectures, despite pinging the kfreebsd porters. How did that change? How can you make sure that this won't repeat again? I'm not in favour defaulting that again to openjdk-7 or openjdk-6. Matthias __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#735763: svnkit is marked for autoremoval from testing
On 2014-03-31 17:11, Markus Koschany wrote: On 31.03.2014 15:40, Miguel Landaeta wrote: [...] Help with this is more than welcome, of course. I have committed some changes to svnkit two weeks ago and tried to build the latest upstream release. [1] My impression is that we need a new version of libtrilead-ssh2-java first and that the package would otherwise build just fine with ant. If anyone can tell me where I can find a newer version of trilead-ssh2, I might be able to package a new version and fix this bug. Regards, Markus [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=735763#22 Hi, Thanks for looking into it. Also, Miguel - great that you are taking ownership of this bug (among others). Pro-tip for dealing with these kind of auto-removals: If you CC the bug in your updates: * the timer is reset * we can easier find the latest information about the bug in the bug. :) Particularly, the first one is important as it gives us more time to solve the bug. ~Niels __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#743248: java-wrappers: jvm-list.sh does not list Oracle Java7 runtime
Package: java-wrappers Version: 0.1.27 Severity: normal Hello, I received a bug report on launchpad.net for this issue. https://bugs.launchpad.net/ubuntu/+source/mediathekview/+bug/1299803 Apparently the non-free Oracle Java7 runtime environment is not listed as a valid Java7 runtime in /usr/lib/java-wrappers/jvm-list.sh. This makes every wrapper script fail that uses require_java_runtime java7 if the user did not install OpenJDK7. Although I recommend the use of OpenJDK7 with MediathekView, I think the non-free JRE from Oracle should be listed in jvm-list.sh too as it already has been done with Sun Java6. Regards, Markus __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
