polyglot-maven 0.8~tobrien+git20120905-8 MIGRATED to testing

2017-11-18 Thread Debian testing watch 
FYI: The status of the polyglot-maven source package
in Debian's testing distribution has changed.

  Previous version: 0.8~tobrien+git20120905-7
  Current version:  0.8~tobrien+git20120905-8

-- 
This email is automatically generated once a day.  As the installation of
new packages into testing happens multiple times a day you will receive
later changes on the next day.
See https://release.debian.org/testing-watch/ for more information.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

libcommons-codec-java 1.11-1 MIGRATED to testing

2017-11-18 Thread Debian testing watch 
FYI: The status of the libcommons-codec-java source package
in Debian's testing distribution has changed.

  Previous version: 1.10-1
  Current version:  1.11-1

-- 
This email is automatically generated once a day.  As the installation of
new packages into testing happens multiple times a day you will receive
later changes on the next day.
See https://release.debian.org/testing-watch/ for more information.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

mojarra 2.2.8-4 MIGRATED to testing

2017-11-18 Thread Debian testing watch 
FYI: The status of the mojarra source package
in Debian's testing distribution has changed.

  Previous version: 2.2.8-3
  Current version:  2.2.8-4

-- 
This email is automatically generated once a day.  As the installation of
new packages into testing happens multiple times a day you will receive
later changes on the next day.
See https://release.debian.org/testing-watch/ for more information.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

jtreg 4.2-b09-1 MIGRATED to testing

2017-11-18 Thread Debian testing watch 
FYI: The status of the jtreg source package
in Debian's testing distribution has changed.

  Previous version: 4.2-b08-1
  Current version:  4.2-b09-1

-- 
This email is automatically generated once a day.  As the installation of
new packages into testing happens multiple times a day you will receive
later changes on the next day.
See https://release.debian.org/testing-watch/ for more information.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

derby 10.14.1.0-1 MIGRATED to testing

2017-11-18 Thread Debian testing watch 
FYI: The status of the derby source package
in Debian's testing distribution has changed.

  Previous version: 10.13.1.1-2
  Current version:  10.14.1.0-1

-- 
This email is automatically generated once a day.  As the installation of
new packages into testing happens multiple times a day you will receive
later changes on the next day.
See https://release.debian.org/testing-watch/ for more information.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

androidsdk-tools REMOVED from testing

2017-11-18 Thread Debian testing watch 
FYI: The status of the androidsdk-tools source package
in Debian's testing distribution has changed.

  Previous version: 22.2+git20130830~92d25d6-4
  Current version:  (not in testing)
  Hint: 
Bug #879175: androidsdk-tools: Duplicate of android-platform-tools-swt

The script that generates this mail tries to extract removal
reasons from comments in the britney hint files. Those comments
were not originally meant to be machine readable, so if the
reason for removing your package seems to be nonsense, it is
probably the reporting script that got confused. Please check the
actual hints file before you complain about meaningless removals.

-- 
This email is automatically generated once a day.  As the installation of
new packages into testing happens multiple times a day you will receive
later changes on the next day.
See https://release.debian.org/testing-watch/ for more information.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

reproducible.debian.net status changes for geronimo-jpa-2.0-spec

2017-11-18 Thread Reproducible builds folks 
2017-11-18 01:12 
https://tests.reproducible-builds.org/debian/unstable/amd64/geronimo-jpa-2.0-spec
 changed from reproducible -> unreproducible
2017-11-18 02:37 
https://tests.reproducible-builds.org/debian/unstable/amd64/geronimo-jpa-2.0-spec
 changed from unreproducible -> reproducible

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#865499: gradle fails to start in unstable after plexus-containers update

2017-11-18 Thread Dillon Gilmore 
I'm actually having the inverse issue. Unsure of what changes have been
made since this last report:

Caused by: java.lang.IllegalArgumentException: Cannot find JAR
'plexus-component-annotations.jar' required by module
'gradle-dependency-management' using classpath or distribution directory
'/usr/share/gradle'

Solution:

cd /usr/share/java
ln -s plexus-component-annotations-1.5.jar plexus-component-annotations.jar
__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#879001: marked as done (CVE-2017-12197: libpam4j: Account check bypass)

2017-11-18 Thread Debian Bug Tracking System 
Your message dated Sat, 18 Nov 2017 22:19:23 +
with message-id 
and subject line Bug#879001: fixed in libpam4j 1.4-2+deb8u1
has caused the Debian Bug report #879001,
regarding CVE-2017-12197: libpam4j: Account check bypass
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
879001: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879001
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libpam4j
Version: 1.4-2
Severity: grave
Tags: security

Hi,

the following vulnerability was published for libpam4j.

CVE-2017-12197[0]: libpam4j: Account check bypass

PAM.authentication() does not call pam_acct_mgmt(). As a consequence, the
PAM account is not properly verified. Any user with a valid password but
with deactivated or disabled account is able to log in.

https://bugzilla.redhat.com/show_bug.cgi?id=1503103

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-12197
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12197

Please adjust the affected versions in the BTS as needed.



-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/
--- End Message ---
--- Begin Message ---
Source: libpam4j
Source-Version: 1.4-2+deb8u1

We believe that the bug you reported is fixed in the latest version of
libpam4j, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 879...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Koschany  (supplier of updated libpam4j package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 07 Nov 2017 13:40:55 +0100
Source: libpam4j
Binary: libpam4j-java libpam4j-java-doc
Architecture: source all
Version: 1.4-2+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian Java Maintainers 

Changed-By: Markus Koschany 
Description:
 libpam4j-java - Java binding for libpam.so
 libpam4j-java-doc - Documentation for Java binding for libpam.so
Closes: 879001
Changes:
 libpam4j (1.4-2+deb8u1) jessie-security; urgency=high
 .
   * Team upload.
   * Fix CVE-2017-12197 (Closes: #879001):
 It was discovered that libpam4j does not call pam_acct_mgmt().
 As a consequence, the PAM account is not properly
 verified. Any user with a valid password but with deactivated or
 disabled account was able to log in.
Checksums-Sha1:
 105d9b87b0572ff220531668a544997812788ac6 2288 libpam4j_1.4-2+deb8u1.dsc
 1335e34fba33ab2531265ced9dbd58295476a81c 6880 libpam4j_1.4.orig.tar.gz
 2500657ab3ebc3545fa6d3e45feac626a6e8c3e6 4980 
libpam4j_1.4-2+deb8u1.debian.tar.xz
 2c0ed786161a14cab91cf296adc0c076ca7827d9 14868 
libpam4j-java_1.4-2+deb8u1_all.deb
 618779d577c23c5dd835c339013955f2024d7a11 129648 
libpam4j-java-doc_1.4-2+deb8u1_all.deb
Checksums-Sha256:
 5fae6bbd99b2cf248270243c6cec0d56e740d618c75bc24032555b20af4c175c 2288 
libpam4j_1.4-2+deb8u1.dsc
 83e738e7e6d5055adaaffccd0caa10ba03a13ea59bd016f9bb4d1306c7c3f550 6880 
libpam4j_1.4.orig.tar.gz
 7614b9fab4a0102f6dd2a30ed6d76781aea31955f35839513c4a858a06307dc2 4980 
libpam4j_1.4-2+deb8u1.debian.tar.xz
 f7fa3cea0a66abaa813daab57eb3be02de07bd23d2a21049699ab0b1c2a77c7d 14868 
libpam4j-java_1.4-2+deb8u1_all.deb
 82920e6410269ca366f4dc17d8c38701fff12abe14a7721b68adbc3afd2e42d9 129648 
libpam4j-java-doc_1.4-2+deb8u1_all.deb
Files:
 e8fbbb11541dce6adc63149f509dbcf4 2288 java optional libpam4j_1.4-2+deb8u1.dsc
 20d90b25f700a559f022d870682f5659 6880 java optional libpam4j_1.4.orig.tar.gz
 33b0e775cee4e845cb9e45e42e5b7865 4980 java optional 
libpam4j_1.4-2+deb8u1.debian.tar.xz
 8d3f16b7266b1a7e1f2ad5413252811b 14868 java optional 
libpam4j-java_1.4-2+deb8u1_all.deb
 8b6f74c2a9b50b6ed9071b4c83a9121f 129648 doc optional 
libpam4j-java-doc_1.4-2+deb8u1_all.deb

-BEGIN PGP SIGNATURE-

Bug#870848: marked as done (jackson-databind: CVE-2017-7525: Deserialization vulnerability via readValue method of ObjectMapper)

2017-11-18 Thread Debian Bug Tracking System 
Your message dated Sat, 18 Nov 2017 22:19:00 +
with message-id 
and subject line Bug#870848: fixed in jackson-databind 2.4.2-2+deb8u1
has caused the Debian Bug report #870848,
regarding jackson-databind: CVE-2017-7525: Deserialization vulnerability via 
readValue method of ObjectMapper
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
870848: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870848
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: jackson-databind
Version: 2.8.6-1
Severity: grave
Tags: security upstream
Forwarded: https://github.com/FasterXML/jackson-databind/issues/1599

Hi,

the following vulnerability was published for jackson-databind.

CVE-2017-7525[0]:
Deserialization vulnerability via readValue method of ObjectMapper

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

Upstream tracking is at [2].

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-7525
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7525
[1] https://github.com/FasterXML/jackson-databind/issues/1599
[2] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7525

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: jackson-databind
Source-Version: 2.4.2-2+deb8u1

We believe that the bug you reported is fixed in the latest version of
jackson-databind, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 870...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Koschany  (supplier of updated jackson-databind package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 19 Oct 2017 01:44:42 +0200
Source: jackson-databind
Binary: libjackson2-databind-java libjackson2-databind-java-doc
Architecture: source all
Version: 2.4.2-2+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian Java Maintainers 

Changed-By: Markus Koschany 
Description:
 libjackson2-databind-java - fast and powerful JSON library for Java -- data 
binding
 libjackson2-databind-java-doc - Documentation for jackson-databind
Closes: 870848
Changes:
 jackson-databind (2.4.2-2+deb8u1) jessie-security; urgency=high
 .
   * Team upload.
   * Fix CVE-2017-7525: Deserialization vulnerability via readValue
 method of ObjectMapper. (Closes: #870848)
Checksums-Sha1:
 bed1c6ec546555eb0e49ccaea6857242ef849cf3 2688 
jackson-databind_2.4.2-2+deb8u1.dsc
 aaec538f967e8cd0bbff405eef753d10ba2df664 851898 
jackson-databind_2.4.2.orig.tar.gz
 1ae7f0fdae862453a3f0ae6f76f13c053a87e59e 6220 
jackson-databind_2.4.2-2+deb8u1.debian.tar.xz
 95e9a700283eb51c8032018f4986828350058395 985394 
libjackson2-databind-java_2.4.2-2+deb8u1_all.deb
 a879aefe50adfc4823b1d076edef6fc016cdfcab 4749164 
libjackson2-databind-java-doc_2.4.2-2+deb8u1_all.deb
Checksums-Sha256:
 8160da76d47ac9d45241761140b61cc26e9dd071a36e8614250764b473634dfd 2688 
jackson-databind_2.4.2-2+deb8u1.dsc
 06d8378c6ab40aca83354acf625969801e014a447756ad07e16365925ddf3aa1 851898 
jackson-databind_2.4.2.orig.tar.gz
 565f027fdb76103557f7e34236c269fa52459c32bc9174eeadbf5d30e0e84230 6220 
jackson-databind_2.4.2-2+deb8u1.debian.tar.xz
 aec403bf86dd9d1c02ba956518fd64c5ed9b8c4df9ee3bae9f4edc205fa5 985394 
libjackson2-databind-java_2.4.2-2+deb8u1_all.deb
 088dd770a71d875faaee183ad9f7c7e5e9c5ffbd66bdd8432225971b47274edb 4749164 
libjackson2-databind-java-doc_2.4.2-2+deb8u1_all.deb
Files:
 659b09d354809dc185c3cea754e24703 2688 java optional 
jackson-databind_2.4.2-2+deb8u1.dsc
 a3cef86907e85f401571db6d5d5ae358 851898 java optional 
jackson-databind_2.4.2.orig.tar.gz
 b0b2c0c073904b9299d50f6e62272912 6220 java optional 
jackson-databind_2.4.2-2+deb8u1.debian.tar.xz
 b71da66cc63df8ec0ad08a551fa02958 985394 java optional 
libjackson2-databind-java_2.4.2-2+deb8u1_all.deb
 422670e2acd0adb48667c8cd7dd38568 4749164 doc optional 
libjackson2-databind-java-doc_2.4.2-2+deb8u1_all.deb

libpam4j_1.4-2+deb8u1_amd64.changes ACCEPTED into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates

2017-11-18 Thread Debian FTP Masters 


Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 07 Nov 2017 13:40:55 +0100
Source: libpam4j
Binary: libpam4j-java libpam4j-java-doc
Architecture: source all
Version: 1.4-2+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian Java Maintainers 

Changed-By: Markus Koschany 
Description:
 libpam4j-java - Java binding for libpam.so
 libpam4j-java-doc - Documentation for Java binding for libpam.so
Closes: 879001
Changes:
 libpam4j (1.4-2+deb8u1) jessie-security; urgency=high
 .
   * Team upload.
   * Fix CVE-2017-12197 (Closes: #879001):
 It was discovered that libpam4j does not call pam_acct_mgmt().
 As a consequence, the PAM account is not properly
 verified. Any user with a valid password but with deactivated or
 disabled account was able to log in.
Checksums-Sha1:
 105d9b87b0572ff220531668a544997812788ac6 2288 libpam4j_1.4-2+deb8u1.dsc
 1335e34fba33ab2531265ced9dbd58295476a81c 6880 libpam4j_1.4.orig.tar.gz
 2500657ab3ebc3545fa6d3e45feac626a6e8c3e6 4980 
libpam4j_1.4-2+deb8u1.debian.tar.xz
 2c0ed786161a14cab91cf296adc0c076ca7827d9 14868 
libpam4j-java_1.4-2+deb8u1_all.deb
 618779d577c23c5dd835c339013955f2024d7a11 129648 
libpam4j-java-doc_1.4-2+deb8u1_all.deb
Checksums-Sha256:
 5fae6bbd99b2cf248270243c6cec0d56e740d618c75bc24032555b20af4c175c 2288 
libpam4j_1.4-2+deb8u1.dsc
 83e738e7e6d5055adaaffccd0caa10ba03a13ea59bd016f9bb4d1306c7c3f550 6880 
libpam4j_1.4.orig.tar.gz
 7614b9fab4a0102f6dd2a30ed6d76781aea31955f35839513c4a858a06307dc2 4980 
libpam4j_1.4-2+deb8u1.debian.tar.xz
 f7fa3cea0a66abaa813daab57eb3be02de07bd23d2a21049699ab0b1c2a77c7d 14868 
libpam4j-java_1.4-2+deb8u1_all.deb
 82920e6410269ca366f4dc17d8c38701fff12abe14a7721b68adbc3afd2e42d9 129648 
libpam4j-java-doc_1.4-2+deb8u1_all.deb
Files:
 e8fbbb11541dce6adc63149f509dbcf4 2288 java optional libpam4j_1.4-2+deb8u1.dsc
 20d90b25f700a559f022d870682f5659 6880 java optional libpam4j_1.4.orig.tar.gz
 33b0e775cee4e845cb9e45e42e5b7865 4980 java optional 
libpam4j_1.4-2+deb8u1.debian.tar.xz
 8d3f16b7266b1a7e1f2ad5413252811b 14868 java optional 
libpam4j-java_1.4-2+deb8u1_all.deb
 8b6f74c2a9b50b6ed9071b4c83a9121f 129648 doc optional 
libpam4j-java-doc_1.4-2+deb8u1_all.deb

-BEGIN PGP SIGNATURE-

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAloB63JfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkqsgP/jCDxC83xF0xTVu25R8TMEA/WqSIzjbb1hQO
IrY6AiIJUrL+r6H32AQ9MvUZoQfGtFeQ/EiYUlewHvKGhC+XKcKeaLTMXHJ00hGw
+s1Gu/Q6hTi5a/yuWh5rhVi2UE+aKlHJv1gJwXDn8w0FyBBrtReKvY66EaGi+tgk
S3RjuMY8RUMeaThuxUYKEGxfQWRniO/l95VyL1+92rc2YfOj82NRe0GsDf2p8lZk
VhCuHSeqE03HcPHc91sMkHq0CLOCwHErMSxAyvaKS33jxy1xJqnVoRbOTTi2yJGO
kliPCZcm2FrABpCmC6GQH1OLVpinuIhmHY0WwfV0zuw8ALyw8I1vpnrJ+b32d7Pl
o3D/Ir3p6PcsAVja6hmbDzFbQKAhe9l/MDezQcfAVl5tJ49g8NtIV1p4C47hpBpO
ezcJfeFM6rtIVJs8ocd8VQcCuWW7LlrBXd+/azQkzgbT2mcO2u6//lWxR3V1a9p7
0UMcRKbIWMBza+4OqDMK7sRkpOEq+QPWvmOcM3IaCEYW3DU0BOtM+sjBObwZQlqR
JcaKGlZ/ceHMLzJwQoZkaMXw0xutfD60iUu2ZhtGvLbwyQXQJCE8ISBpzo3ytAld
+OMv3FhGdnrtF9F9vf95yvn78bTYHFeyp7/JI3ypP17hJuk7o9d/EeMMmdlsBDx1
B7lE5Kmd
=shRh
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

jackson-databind_2.4.2-2+deb8u1_amd64.changes ACCEPTED into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates

2017-11-18 Thread Debian FTP Masters 


Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 19 Oct 2017 01:44:42 +0200
Source: jackson-databind
Binary: libjackson2-databind-java libjackson2-databind-java-doc
Architecture: source all
Version: 2.4.2-2+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian Java Maintainers 

Changed-By: Markus Koschany 
Description:
 libjackson2-databind-java - fast and powerful JSON library for Java -- data 
binding
 libjackson2-databind-java-doc - Documentation for jackson-databind
Closes: 870848
Changes:
 jackson-databind (2.4.2-2+deb8u1) jessie-security; urgency=high
 .
   * Team upload.
   * Fix CVE-2017-7525: Deserialization vulnerability via readValue
 method of ObjectMapper. (Closes: #870848)
Checksums-Sha1:
 bed1c6ec546555eb0e49ccaea6857242ef849cf3 2688 
jackson-databind_2.4.2-2+deb8u1.dsc
 aaec538f967e8cd0bbff405eef753d10ba2df664 851898 
jackson-databind_2.4.2.orig.tar.gz
 1ae7f0fdae862453a3f0ae6f76f13c053a87e59e 6220 
jackson-databind_2.4.2-2+deb8u1.debian.tar.xz
 95e9a700283eb51c8032018f4986828350058395 985394 
libjackson2-databind-java_2.4.2-2+deb8u1_all.deb
 a879aefe50adfc4823b1d076edef6fc016cdfcab 4749164 
libjackson2-databind-java-doc_2.4.2-2+deb8u1_all.deb
Checksums-Sha256:
 8160da76d47ac9d45241761140b61cc26e9dd071a36e8614250764b473634dfd 2688 
jackson-databind_2.4.2-2+deb8u1.dsc
 06d8378c6ab40aca83354acf625969801e014a447756ad07e16365925ddf3aa1 851898 
jackson-databind_2.4.2.orig.tar.gz
 565f027fdb76103557f7e34236c269fa52459c32bc9174eeadbf5d30e0e84230 6220 
jackson-databind_2.4.2-2+deb8u1.debian.tar.xz
 aec403bf86dd9d1c02ba956518fd64c5ed9b8c4df9ee3bae9f4edc205fa5 985394 
libjackson2-databind-java_2.4.2-2+deb8u1_all.deb
 088dd770a71d875faaee183ad9f7c7e5e9c5ffbd66bdd8432225971b47274edb 4749164 
libjackson2-databind-java-doc_2.4.2-2+deb8u1_all.deb
Files:
 659b09d354809dc185c3cea754e24703 2688 java optional 
jackson-databind_2.4.2-2+deb8u1.dsc
 a3cef86907e85f401571db6d5d5ae358 851898 java optional 
jackson-databind_2.4.2.orig.tar.gz
 b0b2c0c073904b9299d50f6e62272912 6220 java optional 
jackson-databind_2.4.2-2+deb8u1.debian.tar.xz
 b71da66cc63df8ec0ad08a551fa02958 985394 java optional 
libjackson2-databind-java_2.4.2-2+deb8u1_all.deb
 422670e2acd0adb48667c8cd7dd38568 4749164 doc optional 
libjackson2-databind-java-doc_2.4.2-2+deb8u1_all.deb

-BEGIN PGP SIGNATURE-

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlno6DtfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkN6sP/R5OmelgmwfHqdY/uxRgYiShd07PLp5Ej1Hw
iJQkhbM9GmDLCWyPWaS+YVCLqYKW6RVr5AtiNhTZZ1Ir4Oq0yEQB8mukc2BL+sjj
Aa33AVIUOIn2lp5x+rZIu5lEAhutzcqJszhzbhTfp+3Sni7kFQs4OfYOWH8VcCjL
x0Z7RoSUmnqJwpHBnn9Z7OM2t9IBA3PopAUMPNOaRGAn1Vlm3lMt5LaI7mCsErKL
+Z6rdOwDjs3Xf8wzdmCeB1PuePQkPL7iEIANSzZmUXkmFLwghRj466pyq4/AtuKA
kDfEIXb5ftzlzsMbx6CNeFJb1u3bDszOttRoZ2GviSeqjdHsHy4A87+7dCL4jsUA
BI0ofNCCEqL68Tz0bA2NZiUucKpKp7n0NpVd15kSIIQ5cPt/iUqjD0ETe7SIHsD4
+DNZ/v+acSL27QXPQNcaRVOOELQnn0Ci6oXr34C7qDXKhoQtwgEAE6soRfU5DMnR
8hq7aWzn0Hbp3MCUesBZ8g4VHpV0M6oqjBxzcaI2HrJFSNsrohXwFNUfZxQkV+z7
gb9PTdCTaF0ocO1XrEw6H0W7warKmMbXlMrBNwscquSFZZz2HblhIasCN93dEmi3
BjOieGkpEoWGDYC7TxmtALfM8Yp0kvRe30fBeGr2v9tWvlXNsZAeDUg12C6Ox0eK
kedvQKwv
=nf5x
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

jackson-databind_2.4.2-2+deb8u2_amd64.changes ACCEPTED into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates

2017-11-18 Thread Debian FTP Masters 


Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 16 Nov 2017 09:13:27 +0100
Source: jackson-databind
Binary: libjackson2-databind-java libjackson2-databind-java-doc
Architecture: source all
Version: 2.4.2-2+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Debian Java Maintainers 

Changed-By: Sebastien Delafond 
Description:
 libjackson2-databind-java - fast and powerful JSON library for Java -- data 
binding
 libjackson2-databind-java-doc - Documentation for jackson-databind
Changes:
 jackson-databind (2.4.2-2+deb8u2) jessie-security; urgency=high
 .
   * Team upload
   * CVE-2017-15095: incomplete fixes for CVE-2017-7525
Checksums-Sha1:
 0240e15212dc0bf1e79c9674510a8e9c11c3bdc8 2192 
jackson-databind_2.4.2-2+deb8u2.dsc
 287da5c76b58823b3f88353e991c985752d1f174 7916 
jackson-databind_2.4.2-2+deb8u2.debian.tar.xz
 e5234b5b193259170e870489672b9a267f4f6d43 985372 
libjackson2-databind-java_2.4.2-2+deb8u2_all.deb
 c2a69e32bf3f3a3ee01ab707a26f8e9fa80d49b5 4765216 
libjackson2-databind-java-doc_2.4.2-2+deb8u2_all.deb
Checksums-Sha256:
 73a868a73b10fbaf19b0cd2dd9e885378e23e9ae7daa5f9e5699b80d60e3ab13 2192 
jackson-databind_2.4.2-2+deb8u2.dsc
 48c3bbad4055516c56ee628789b57648f7a8249a7995e34868c2518ee4fc9dec 7916 
jackson-databind_2.4.2-2+deb8u2.debian.tar.xz
 d73d866eccda0c97e8dd97e5b5c0e69d4c6fb5034592149779ecc61933b5aee5 985372 
libjackson2-databind-java_2.4.2-2+deb8u2_all.deb
 cb2c8f031c2ff90ad1844821cf6bb75fe3ec4439b8bd5d1e986b2bf97a8f879d 4765216 
libjackson2-databind-java-doc_2.4.2-2+deb8u2_all.deb
Files:
 d4ad98cd17bff99d37d66129cf5b736e 2192 java optional 
jackson-databind_2.4.2-2+deb8u2.dsc
 00f707c0640fc60245ba3adf4d73dfda 7916 java optional 
jackson-databind_2.4.2-2+deb8u2.debian.tar.xz
 8f5c67b5c6e70f505bc3842752002414 985372 java optional 
libjackson2-databind-java_2.4.2-2+deb8u2_all.deb
 35b01965573b720616593593f28cd336 4765216 doc optional 
libjackson2-databind-java-doc_2.4.2-2+deb8u2_all.deb

-BEGIN PGP SIGNATURE-

iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAloNavMACgkQEL6Jg/PV
nWSkZAf9FjtQWMZRNbYXBAB/fkwtNnWjKijKefJwG5avfUmwuwEEmkfmoIdVcFE/
NcTsZh14cjILu+QMyLbrihKy8Y0EhNWz6rhyPQAENN8qpXvq8ksDBRHQHKuhAvJ9
ohAO80vs9+1gtTbs0S4VOtxhgnMqSYvO3WDql0vnQjH4NU+DLYlhoZ/CN5FTaD7P
FwcTEU+RgI6MKFpUJs6cYNy39O6/dI23bbpVJBCjL+uQ2iLsSdK6Hj6zsr/Gjjad
uuzzRXXgn5zp+pwIyvWZGBLjiDD9JiMhITyWSktTlQdqUiWw/AMmge4bmJNzwEe8
mf93O7py75SNiV+9E9etOvVJvvyD6g==
=3Lxs
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

jackson-databind_2.8.6-1+deb9u2_source.changes ACCEPTED into proposed-updates->stable-new, proposed-updates

2017-11-18 Thread Debian FTP Masters 


Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 16 Nov 2017 08:55:34 +0100
Source: jackson-databind
Binary: libjackson2-databind-java libjackson2-databind-java-doc
Architecture: source
Version: 2.8.6-1+deb9u2
Distribution: stretch-security
Urgency: high
Maintainer: Debian Java Maintainers 

Changed-By: Sebastien Delafond 
Description:
 libjackson2-databind-java - fast and powerful JSON library for Java -- data 
binding
 libjackson2-databind-java-doc - Documentation for jackson-databind
Changes:
 jackson-databind (2.8.6-1+deb9u2) stretch-security; urgency=high
 .
   * Team upload
   * CVE-2017-15095: incomplete fixes for CVE-2017-7525
Checksums-Sha1:
 a84976610bea5ad3e59138d9444bbe8d17af7fcc 2198 
jackson-databind_2.8.6-1+deb9u2.dsc
 68b0ab9e322dc63a431773ca9ba75f75cf146db3 7412 
jackson-databind_2.8.6-1+deb9u2.debian.tar.xz
 856c03ef06f1a2fd18f0a7fcec87f162dfd33aef 16012 
jackson-databind_2.8.6-1+deb9u2_amd64.buildinfo
Checksums-Sha256:
 65a995391127339f5d15509731f1d69d0c872e0e8b5d5715cbf9dd9cb67243fa 2198 
jackson-databind_2.8.6-1+deb9u2.dsc
 853f6e949bd624ee5f898c6af1ff886ccc0da2abe16728d8c586b7d3bb6b2e0e 7412 
jackson-databind_2.8.6-1+deb9u2.debian.tar.xz
 d1088cdc9d0dfe7b0c57e2ce3f6002313bfb64ff144fef7e0549a232fcbb2080 16012 
jackson-databind_2.8.6-1+deb9u2_amd64.buildinfo
Files:
 3bca2156706603568e53d0807b83c30a 2198 java optional 
jackson-databind_2.8.6-1+deb9u2.dsc
 6a8ac8b37498676a9f769ee3b354b76d 7412 java optional 
jackson-databind_2.8.6-1+deb9u2.debian.tar.xz
 d59f8e9f390c1bff0f8f47a1dc37559c 16012 java optional 
jackson-databind_2.8.6-1+deb9u2_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAloNafUACgkQEL6Jg/PV
nWQV/gf/WSXy/5KodUygC3yi1c04bVRoxGzGnIFasje7T+44b8bsouMJsnH6ghTd
71duic7/u1W9mPgrFUyIKcK3ErqdKOFKpaNeKDp59/llU3iYybLQd8837agCe+rL
n26UWTAuhKzVhuktomJbZyxhYTkUCbu/DWh+xMLRBvatmMMz/MVHnoIrnYJrGM6s
NIWgzZLBzXIjv2b/NquoXcq4fpASy0c1ibUPxgv0xaqKQEh6/fXKTmFqxo9t+87o
n0X50EYNLa1jN6kNg/TXttWPVwwYkZ9jopS3U1CW1mdpg7NCUjWuxDLnyjNST3s2
7NacZuq/kaM/6PspJ+9yiwIpjbs6hg==
=cLiT
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#882052: byte-buddy: missing build dependency on libeclipse-aether-java

2017-11-18 Thread Emmanuel Bourg 
Good catch. Actually it should depend on maven-resolver, eclipse-aether is 
about to be removed.
Emmanuel Bourg

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#882052: byte-buddy: missing build dependency on libeclipse-aether-java

2017-11-18 Thread Adrian Bunk 
Source: byte-buddy
Version: 1.7.2-1
Severity: serious

https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/byte-buddy.html

...
[INFO] 
[INFO] 
[INFO] Skipping Byte Buddy (parent)
[INFO] This project has been banned from the build due to previous failures.
[INFO] 
[INFO] 
[INFO] Reactor Summary:
[INFO] 
[INFO] Byte Buddy (parent)  SUCCESS [  1.141 s]
[INFO] Byte Buddy (with dependencies) . SUCCESS [01:20 min]
[INFO] Byte Buddy (without dependencies) .. SUCCESS [  4.145 s]
[INFO] Byte Buddy (Maven plugin) .. FAILURE [  0.025 s]
[INFO] 
[INFO] BUILD FAILURE
[INFO] 
[INFO] Total time: 01:26 min
[INFO] Finished at: 2018-12-20T16:58:06-12:00
[INFO] Final Memory: 42M/1586M
[INFO] 
[ERROR] Failed to execute goal on project byte-buddy-maven-plugin: Could not 
resolve dependencies for project 
net.bytebuddy:byte-buddy-maven-plugin:maven-plugin:1.7.2: The following 
artifacts could not be resolved: org.eclipse.aether:aether-api:jar:debian, 
org.eclipse.aether:aether-util:jar:debian: Cannot access central 
(https://repo.maven.apache.org/maven2) in offline mode and the artifact 
org.eclipse.aether:aether-api:jar:debian has not been downloaded from it 
before. -> [Help 1]
[ERROR] 
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e 
switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR] 
[ERROR] For more information about the errors and possible solutions, please 
read the following articles:
[ERROR] [Help 1] 
http://cwiki.apache.org/confluence/display/MAVEN/DependencyResolutionException
[ERROR] 
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR]   mvn  -rf :byte-buddy-maven-plugin
dh_auto_build: /usr/lib/jvm/default-java/bin/java -noverify -cp 
/usr/share/maven/boot/plexus-classworlds-2.x.jar:/usr/lib/jvm/default-java/lib/tools.jar
 -Dmaven.home=/usr/share/maven 
-Dmaven.multiModuleProjectDirectory=/build/1st/byte-buddy-1.7.2 
-Dclassworlds.conf=/etc/maven/m2-debian.conf 
-Dproperties.file.manual=/build/1st/byte-buddy-1.7.2/debian/maven.properties 
org.codehaus.plexus.classworlds.launcher.Launcher 
-s/etc/maven/settings-debian.xml 
-Ddebian.dir=/build/1st/byte-buddy-1.7.2/debian 
-Dmaven.repo.local=/build/1st/byte-buddy-1.7.2/debian/maven-repo --batch-mode 
package javadoc:jar javadoc:aggregate -DskipTests -Dnotimestamp=true 
-Dlocale=en_US returned exit code 1
debian/rules:4: recipe for target 'build' failed
make: *** [build] Error 2

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.