libfastutil-java_7.1.0-1_amd64.changes ACCEPTED into experimental

[Debian FTP Masters]

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 10 Apr 2017 22:04:03 -0700
Source: libfastutil-java
Binary: libfastutil-java libfastutil-java-doc
Architecture: source all
Version: 7.1.0-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: tony mancill 
Description:
 libfastutil-java - Java API providing type-specific maps, sets, lists and 
queues
 libfastutil-java-doc - API documentation for libfastutil-java
Changes:
 libfastutil-java (7.1.0-1) experimental; urgency=medium
 .
   * New upstream release.
Checksums-Sha1:
 040b527075900c235cf5623b76dfe8b6173c4d5f 2182 libfastutil-java_7.1.0-1.dsc
 3bd6dfd038afb158bea132b486d551c0c0a8b743 375319 
libfastutil-java_7.1.0.orig.tar.gz
 3a9f68fece9ec7786356a8e2b5120b9d1c56dc5f 2976 
libfastutil-java_7.1.0-1.debian.tar.xz
 8a92b9df14bdebe303fb302eb52d6cd5a8e899d5 3636474 
libfastutil-java-doc_7.1.0-1_all.deb
 97abd5724b0efc2eb8b8478026c1d21b577616e5 14386830 
libfastutil-java_7.1.0-1_all.deb
 ac3421cb6fbf5d628ec2629bed0e94507cf89f40 10694 
libfastutil-java_7.1.0-1_amd64.buildinfo
Checksums-Sha256:
 f5cab6d5ef0d624fe07fd5ecbdc55b4ca92e1fe18a5fe6e5cd40582c3e12280b 2182 
libfastutil-java_7.1.0-1.dsc
 21da4f69d90c433d31a02bff8050bc1f7670bd01273eb93c81d61d446a65bae3 375319 
libfastutil-java_7.1.0.orig.tar.gz
 fa9830b9d570bb612eb32ec15b304aaa590b200f6979aa251158a242a04174fa 2976 
libfastutil-java_7.1.0-1.debian.tar.xz
 b402485fb22d4f175ed44b2c93952c90bca27f68a7dfa399d12e818aa3b816bf 3636474 
libfastutil-java-doc_7.1.0-1_all.deb
 d42d4dc06048ff34c5434991062c32a99e14613f339ff544155b52df11f58c5b 14386830 
libfastutil-java_7.1.0-1_all.deb
 1122707646779cb2ecc4c683b31826cbecd8a902a90d0337620ac7ac9cce6c66 10694 
libfastutil-java_7.1.0-1_amd64.buildinfo
Files:
 ab44ebf4c1322309ab9c1fed2ad22d88 2182 java optional 
libfastutil-java_7.1.0-1.dsc
 f851be88d4dd91b777a9098f91e3ed0e 375319 java optional 
libfastutil-java_7.1.0.orig.tar.gz
 529b0c3fa424187397f747ad26a4e8f2 2976 java optional 
libfastutil-java_7.1.0-1.debian.tar.xz
 de79f3182cdda1c04cee0decfa19411e 3636474 doc optional 
libfastutil-java-doc_7.1.0-1_all.deb
 f5a94c5efd6b938eddca927d38774247 14386830 java optional 
libfastutil-java_7.1.0-1_all.deb
 a63a1dcbd8af03c5ced06fe3ed51b651 10694 java optional 
libfastutil-java_7.1.0-1_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQJIBAEBCgAyFiEE5Qr9Va3SequXFjqLIdIFiZdLPpYFAljsZdUUHHRtYW5jaWxs
QGRlYmlhbi5vcmcACgkQIdIFiZdLPpajIA//bqh/YcFpFA79DlL+mnAkJijE86C9
A/IYDdAp0Hx/IEax+57OhWCwUiTcEhT86vNC12PJjzTAFElOA09NSoqDXQuuEwtM
1u+79gXZSnv++AJX3ptL5b9OvgwMI7KRfVXroWhe9BJvMALmLqhMXB+dnuXey/4r
baht651aOWb22581CaSEDyqEOGybUkHXxRDTJP0nDkfO7u/C4OdMKAAXdhbu+oe5
ARqChCjo28vhIcNQ3C3bNa8lDd5+XQtdqM6UzEuYS8zCUTECZlLyfizAoJZeauMk
0jF0vLBRY32UfkGOpy8Ql9qbCI4m6htEzgG/Jp/HPh5sEirj2AkSZpiWEkO+05SQ
WS37t4LRspRfV73gukz4m7xj47hM7xyu8zbpuCSNKJxSoX0RsLzfv/TPFc35hpsL
v3FWaJaQyRUCXkDFr6sDKnaVtxouAGXhg04gnsI+bFFNK8974OKBC2Wy8Fk7jD1h
kW4jjXwK20KHuNSav8mycPB0iVauaEApK3ygp5+qMbqymYIu7B6VagvFkpK3Z62z
v33flbAWwiV1I2uoe0u5PKOIZgTQgc62JkcI7iAh+G/B8VH0945ZAXAa+jyzqusx
R0OtIlF2ZIg119eQxMtmTPAI0HzCWP0OIiHWg2UX7roToA+wta5ld9wybcrcYauY
lvD3zElKlbpoJRw=
=KVAx
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Processing of libfastutil-java_7.1.0-1_amd64.changes

[Debian FTP Masters]

libfastutil-java_7.1.0-1_amd64.changes uploaded successfully to localhost
along with the files:
  libfastutil-java_7.1.0-1.dsc
  libfastutil-java_7.1.0.orig.tar.gz
  libfastutil-java_7.1.0-1.debian.tar.xz
  libfastutil-java-doc_7.1.0-1_all.deb
  libfastutil-java_7.1.0-1_all.deb
  libfastutil-java_7.1.0-1_amd64.buildinfo

Greetings,

Your Debian queue daemon (running on host usper.debian.org)

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#860071: tomcat8: CVE-2017-5651

[Salvatore Bonaccorso]

Source: tomcat8
Version: 8.5.11-1
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for tomcat8.

CVE-2017-5651[0]:
|The refactoring of the HTTP connectors for 8.5.x onwards, introduced a
|regression in the send file processing. If the send file processing
|completed quickly, it was possible for the Processor to be added to the
|processor cache twice. This could result in the same Processor being
|used for multiple requests which in turn could lead to unexpected errors
|and/or response mix-up.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-5651
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5651

Regards,
Salvatore

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#860070: tomcat8: CVE-2017-5650

[Salvatore Bonaccorso]

Source: tomcat8
Version: 8.5.11-1
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for tomcat8.

CVE-2017-5650[0]:
|The handling of an HTTP/2 GOAWAY frame for a connection did not close
|streams associated with that connection that were currently waiting for
|a WINDOW_UPDATE before allowing the application to write more data.
|These waiting streams each consumed a thread. A malicious client could
|therefore construct a series of HTTP/2 requests that would consume all
|available processing threads.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-5650
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5650

Regards,
Salvatore

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#860069: tomcat8: CVE-2017-5648

[Salvatore Bonaccorso]

Source: tomcat8
Version: 8.0.14-1
Severity: important
Tags: upstream security

Hi,

the following vulnerability was published for tomcat8.

CVE-2017-5648[0]:
|While investigating bug 60718, it was noticed that some calls to
|application listeners did not use the appropriate facade object. When
|running an untrusted application under a SecurityManager, it was
|therefore possible for that untrusted application to retain a
|reference to the request or response object and thereby access and/or
|modify information associated with another web application.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-5648
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5648

Regards,
Salvatore

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#860068: tomcat8: CVE-2017-5647

[Salvatore Bonaccorso]

Source: tomcat8
Version: 8.0.14-1
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for tomcat8.

CVE-2017-5647[0]
|A bug in the handling of the pipelined requests when send file was
|used resulted in the pipelined request being lost when send file
|processing of the previous request completed. This could result in
|responses appearing to be sent for the wrong request. For example, a
|user agent that sent requests A, B and C could see the correct
|response for request A, the response for request C for request B and
|no response for request C.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-5647
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5647

Regards,
Salvatore

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

reproducible.debian.net status changes for libcommons-codec-java

[Reproducible builds folks]

2017-04-10 20:58 
https://tests.reproducible-builds.org/debian/unstable/amd64/libcommons-codec-java
 changed from unreproducible -> reproducible

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

reproducible.debian.net status changes for flute

[Reproducible builds folks]

2017-04-09 01:49 
https://tests.reproducible-builds.org/debian/unstable/amd64/flute changed from 
unreproducible -> reproducible

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

reproducible.debian.net status changes for guava-libraries

[Reproducible builds folks]

2017-04-09 08:39 
https://tests.reproducible-builds.org/debian/unstable/amd64/guava-libraries 
changed from unreproducible -> reproducible

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

reproducible.debian.net status changes for libproxool-java

[Reproducible builds folks]

2017-04-10 23:03 
https://tests.reproducible-builds.org/debian/unstable/amd64/libproxool-java 
changed from FTBFS -> reproducible

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

reproducible.debian.net status changes for eclipse-mercurialeclipse

[Reproducible builds folks]

2017-04-08 21:31 
https://tests.reproducible-builds.org/debian/unstable/amd64/eclipse-mercurialeclipse
 changed from unreproducible -> reproducible

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#858816: Fwd: [ANN] Apache FOP 2.2 Released

[Mathieu Malaterre]

-- Forwarded message --

The Apache XML Graphics team is pleased to announce the immediate
availability of Apache FOP Version 2.2 [1].



Apache FOP (Formatting Objects Processor) [2] is an output independent
print formatter driven by XSL Formatting Objects (XSL-FO) [3]. FOP is
a Java application that reads a formatting object tree and renders the
resulting pages to a specified output format, of which a variety of
formats are supported. Apache FOP is published under the Apache
License v2.0.



This release fixes a number of bugs. In addition the following
significant functional enhancements are provided:

PCL Color support

Allow generation of bold/italic versions of fonts for PDF

Allow to convert OTF fonts to Type 1 for Postscript

Deduplicate PDF content streams

Update to PDFBox 2

Transition from Ant to Maven Build Process



For release notes see [4]. Source and binary distributions can be
downloaded from an ASF Mirror at [5]. Further download information is
available at [6]. Maven artifacts for this release are available at
[7].



Note, that depending on which download mirror you use, it may take up
to 24 hours to see the download images at [5].



[1] http://xmlgraphics.apache.org/fop/2.2/

[2] http://xmlgraphics.apache.org/fop

[3] http://www.w3.org/TR/xsl11/

[4] http://xmlgraphics.apache.org/fop/changes.html

[5] http://www.apache.org/dyn/closer.cgi/xmlgraphics/fop

[6] http://xmlgraphics.apache.org/fop/download.html

[7] 
https://repository.apache.org/index.html#nexus-search;gav~org.apache.xmlgraphics~fop~2.2~~



The Apache XML Graphics team.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#860030: Please update to latest release

[Laurent Bigonville]

Package: plexus-io
Version: 1.0~alpha5-2
Severity: normal

Hi,

The version of plexus-io in debian is really (really) old.

In Fedora they are shipping 2.7.1.

The repository have moved to github
https://github.com/codehaus-plexus/plexus-io

Regards,

Laurent Bigonville

-- System Information:
Debian Release: 9.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.