Bug#849167: marked as done (libspring-java: CVE-2016-9878)

[Debian Bug Tracking System]

Your message dated Fri, 23 Dec 2016 09:06:01 +
with message-id 
and subject line Bug#849167: fixed in libspring-java 4.3.5-1
has caused the Debian Bug report #849167,
regarding libspring-java: CVE-2016-9878
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
849167: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849167
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libspring-java
Version: 4.3.4-3
Severity: important
Tags: security patch upstream

Hi,

the following vulnerability was published for libspring-java.

CVE-2016-9878[0]:
Directory Traversal in the Spring Framework ResourceServlet

Interesting, is that the code in
./spring-webmvc/src/main/java/org/springframework/web/servlet/ResourceServlet.java
looks quite more similar to the code-fix as for the 3.2.x branch.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-9878
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9878

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libspring-java
Source-Version: 4.3.5-1

We believe that the bug you reported is fixed in the latest version of
libspring-java, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 849...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Emmanuel Bourg  (supplier of updated libspring-java package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Fri, 23 Dec 2016 09:12:16 +0100
Source: libspring-java
Binary: libspring-core-java libspring-beans-java libspring-aop-java 
libspring-context-java libspring-context-support-java libspring-web-java 
libspring-web-servlet-java libspring-web-portlet-java libspring-test-java 
libspring-transaction-java libspring-jdbc-java libspring-messaging-java 
libspring-jms-java libspring-orm-java libspring-expression-java 
libspring-oxm-java libspring-instrument-java
Architecture: source all
Version: 4.3.5-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Emmanuel Bourg 
Description:
 libspring-aop-java - modular Java/J2EE application framework - AOP
 libspring-beans-java - modular Java/J2EE application framework - Beans
 libspring-context-java - modular Java/J2EE application framework - Context
 libspring-context-support-java - modular Java/J2EE application framework - 
Context Support
 libspring-core-java - modular Java/J2EE application framework - Core
 libspring-expression-java - modular Java/J2EE application framework - 
Expression language
 libspring-instrument-java - modular Java/J2EE application framework - 
Instrumentation
 libspring-jdbc-java - modular Java/J2EE application framework - JDBC tools
 libspring-jms-java - modular Java/J2EE application framework - JMS tools
 libspring-messaging-java - modular Java/J2EE application framework - Messaging 
tools
 libspring-orm-java - modular Java/J2EE application framework - ORM tools
 libspring-oxm-java - modular Java/J2EE application framework - Object/XML 
Mapping
 libspring-test-java - modular Java/J2EE application framework - Test helpers
 libspring-transaction-java - modular Java/J2EE application framework - 
transaction
 libspring-web-java - modular Java/J2EE application framework - Web
 libspring-web-portlet-java - modular Java/J2EE application framework - Portlet 
MVC
 libspring-web-servlet-java - modular Java/J2EE application framework - Web 
Portlet
Closes: 849167
Changes:
 libspring-java (4.3.5-1) unstable; urgency=medium
 .
   * Team upload.
   * New upstream release
 - Fixes CVE-2016-9878: Directory Traversal in ResourceServlet
   (Closes: #849167)
 - Refreshed the patches
Checksums-Sha1:
 b319ef3347f94bb2fe7b68dc2e32dc171095cc23 5221 libspring-java_4.3.5-1.dsc
 1fe50d2dfae0e92c74844d8695be170f6275fdcc 7051404 
libspring-java_4.3.5.orig.tar.xz
 

clucy_0.4.0-2_amd64.changes ACCEPTED into unstable

[Debian FTP Masters]

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Fri, 23 Dec 2016 11:32:17 +0100
Source: clucy
Binary: libclucy-clojure
Architecture: source all
Version: 0.4.0-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Emmanuel Bourg 
Description:
 libclucy-clojure - Clojure interface to the Lucene search engine
Changes:
 clucy (0.4.0-2) unstable; urgency=medium
 .
   * Team upload.
   * Build depend on clojure (>= 1.8)
   * Standards-Version updated to 3.9.8
   * Switch to debhelper level 10
   * Use a secure Vcs-Git URL
Checksums-Sha1:
 d20fec19f4bc60b7dbfb072fb503be31acb5aa2c 2096 clucy_0.4.0-2.dsc
 d9111feafc1e8208ad0462958500d031e5318114 7160 clucy_0.4.0-2.debian.tar.xz
 6e31e95b91445ebab90c9d0bfbc0a6c0ca672bad 9431 clucy_0.4.0-2_amd64.buildinfo
 2e1be54aee2f8ce0e909f333de438fc25f6c7620 11940 libclucy-clojure_0.4.0-2_all.deb
Checksums-Sha256:
 6092f6903350b1d4cbc4f572c472e5cddcd6c1cd30394502725ababe22e00573 2096 
clucy_0.4.0-2.dsc
 09ec65cfdbc41a60fd02f5497d528d4556a2b14765cf0a23c6ffaa48cb15ee7b 7160 
clucy_0.4.0-2.debian.tar.xz
 51ea00aa8285847f46a3af4aa618cded6f9b60f7cfac3d4997716fbe124ffd0d 9431 
clucy_0.4.0-2_amd64.buildinfo
 e2b9823868c9bcc0d05d37188405734d1f4a20351fb049a5cf2ac40355d38481 11940 
libclucy-clojure_0.4.0-2_all.deb
Files:
 318c28d241bfb65f78fc40194e4e4769 2096 java optional clucy_0.4.0-2.dsc
 2b41fdd478b1cba03bfb6f966c9452f8 7160 java optional clucy_0.4.0-2.debian.tar.xz
 9a8cec26e5b6892117411d0c77b27646 9431 java optional 
clucy_0.4.0-2_amd64.buildinfo
 e2614ad9caf68e961dbf023709b0c485 11940 java optional 
libclucy-clojure_0.4.0-2_all.deb

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEuM5N4hCA3PkD4WxA9RPEGeS50KwFAlhc/WAACgkQ9RPEGeS5
0Ky9WhAAu0xK21CCGKe9g2aGrUIK/KK4dx36uTMueko/bqFA+cl6tdn/MonMHL3S
vKWRbwhQCmi3ywaf2E6TLQGsJgcJ6OMR95tS3jINxzyY0gpWqUhaQp3hCjYweTZE
rRMZnAnacg/HmNJ7FLBM7iLOr+gITWu48XQU0o0bSJRRONzCExCrkY1/74PEX8yH
+4o8QQf2JoEpwyqxbVJfudWLEKymRrKDcDUow2pVtpuXPc0yTb5aOhOtdl/3oTZV
0I6Mnl8lKr+glCeaBax8dK4rcWrByWoAr7NFGEb5JozjtGOzM5sXvDsJZrwl/oXn
YkVtHnrx9G3VW/Je5sJ1AMUxmNunU6bErJ7V6aUeLdh+QBWR2Pg9B9LclrpeLPzh
11kqAGTkXD/fUHgNK7e0yIbArJP1EN5USog+q3SaVVeeua8YHm5z9YKhu4VE+o9g
yWqkp0zWNdHB5BT+Gbcv9Wv6J/D7DtW9v5hq4WPT8BiyPhcZd7N2RCPZnHbrtlo4
k6gnSmphVtTmeaMsjAnNqrP/PBa7TP28bY1ttS/iQxoA6+3XfeGeEeOibY0lGCzN
hsBId+Q2JNfEe56Iugp9BEp9TfkcYBb8ipI6Bsi63e1lBkHnR6ng/GXSlCf49vEh
L0FSEBAIsNnKPYW3BlsH7XawkhJrgWm7QuHpFLy7SE4NSqxzCYg=
=wfYt
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Processing of libbultitude-clojure_0.2.7-1_amd64.changes

[Debian FTP Masters]

libbultitude-clojure_0.2.7-1_amd64.changes uploaded successfully to localhost
along with the files:
  libbultitude-clojure_0.2.7-1.dsc
  libbultitude-clojure_0.2.7.orig.tar.xz
  libbultitude-clojure_0.2.7-1.debian.tar.xz
  libbultitude-clojure_0.2.7-1_all.deb
  libbultitude-clojure_0.2.7-1_amd64.buildinfo

Greetings,

Your Debian queue daemon (running on host usper.debian.org)

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Processing of libtools-logging-clojure_0.2.3-5_amd64.changes

[Debian FTP Masters]

libtools-logging-clojure_0.2.3-5_amd64.changes uploaded successfully to 
localhost
along with the files:
  libtools-logging-clojure_0.2.3-5.dsc
  libtools-logging-clojure_0.2.3-5.debian.tar.xz
  libtools-logging-clojure_0.2.3-5_all.deb
  libtools-logging-clojure_0.2.3-5_amd64.buildinfo

Greetings,

Your Debian queue daemon (running on host usper.debian.org)

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Processing of robert-hooke_1.3.0-3_amd64.changes

[Debian FTP Masters]

robert-hooke_1.3.0-3_amd64.changes uploaded successfully to localhost
along with the files:
  robert-hooke_1.3.0-3.dsc
  robert-hooke_1.3.0-3.debian.tar.xz
  librobert-hooke-clojure_1.3.0-3_all.deb
  robert-hooke_1.3.0-3_amd64.buildinfo

Greetings,

Your Debian queue daemon (running on host usper.debian.org)

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Processing of clucy_0.4.0-2_amd64.changes

[Debian FTP Masters]

clucy_0.4.0-2_amd64.changes uploaded successfully to localhost
along with the files:
  clucy_0.4.0-2.dsc
  clucy_0.4.0-2.debian.tar.xz
  clucy_0.4.0-2_amd64.buildinfo
  libclucy-clojure_0.4.0-2_all.deb

Greetings,

Your Debian queue daemon (running on host usper.debian.org)

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

libdynapath-clojure_0.2.5-1_amd64.changes ACCEPTED into unstable

[Debian FTP Masters]

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Fri, 23 Dec 2016 11:55:30 +0100
Source: libdynapath-clojure
Binary: libdynapath-clojure
Architecture: source all
Version: 0.2.5-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Emmanuel Bourg 
Description:
 libdynapath-clojure - Clojure protocol and util functions for class loaders
Changes:
 libdynapath-clojure (0.2.5-1) unstable; urgency=medium
 .
   * Team upload.
   * New upstream release
   * Build depend on clojure (>= 1.8)
   * Standards-Version updated to 3.9.8
   * Switch to debhelper level 10
   * Use secure Vcs-* URLs
   * Fixed debian/watch
Checksums-Sha1:
 bca9fe018267ad7861b311b6fb60bf3f43b00c70 2123 libdynapath-clojure_0.2.5-1.dsc
 04fb08b2715eb8022849b24d731f018ab43e7854 13712 
libdynapath-clojure_0.2.5.orig.tar.xz
 39d507e43275990e8f3191622a0691397afd9e1a 6216 
libdynapath-clojure_0.2.5-1.debian.tar.xz
 31985bf5a8741cdb855f8923cf1451b88aabdd84 10522 
libdynapath-clojure_0.2.5-1_all.deb
 a0fccb3f707e44ed330af69b1cd8eef1e2712a2c 9479 
libdynapath-clojure_0.2.5-1_amd64.buildinfo
Checksums-Sha256:
 743d7dd800ec327dda3c778df3eac63cebcd79a608de2a2a9ec7aea024d58c24 2123 
libdynapath-clojure_0.2.5-1.dsc
 9259957ada7cdc3f336fa3cef8918e67098eb921382d222454258d735179fe0c 13712 
libdynapath-clojure_0.2.5.orig.tar.xz
 84aaebd16fc61bfec3305c6d23d7754bb747241422f3eb975cf0df67a51a4414 6216 
libdynapath-clojure_0.2.5-1.debian.tar.xz
 b201e1bc9ded65a41e0acdc092c2d3b095d70eb0d8105ca2215d9c4906ae44c7 10522 
libdynapath-clojure_0.2.5-1_all.deb
 18c976d3165abb598cd3b2397873e0b66ef31a12689afef5c69f213bddb7dc84 9479 
libdynapath-clojure_0.2.5-1_amd64.buildinfo
Files:
 1eacd96902ee87b998538fe3882e771c 2123 java optional 
libdynapath-clojure_0.2.5-1.dsc
 909c6fb95405c1abf99d2f3eb3258a6d 13712 java optional 
libdynapath-clojure_0.2.5.orig.tar.xz
 e2b718f116dcf3647f125cc998895228 6216 java optional 
libdynapath-clojure_0.2.5-1.debian.tar.xz
 bddb93b10ece12d415d5b00daedc9371 10522 java optional 
libdynapath-clojure_0.2.5-1_all.deb
 706fd6cced91db88906f4a672a695126 9479 java optional 
libdynapath-clojure_0.2.5-1_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEuM5N4hCA3PkD4WxA9RPEGeS50KwFAlhdAtQACgkQ9RPEGeS5
0KwIaRAAh7lAJ8bsa/xa2aIF2Bmdjih0tLsDghi7bpFZzZv7bTZzYiTO7ACKI6LZ
naO/3fDE+LieEcceTvOtIw3kuLO9U5H9qVj7rJ/AFzk2beNAtI9/u+Rwkk9Kw7io
9Ufhlfn1GTA/pnnb+fjf2eilHrWYuzlLSk7uVJH9Go6Q1nYdSFMGzJCzmsFT5qiB
m00eayrRKyHgUMA9WSSf497a+FH0Ryb5w5H7uFtRelj5Zk0GNEKovd+u7yH5VJRB
pvFmdGBLOb8DerRF1x08tVIUaqGqNwFekW6yOrRjmiP5hUpSvzCxaRjWOvCh3hGg
9SGf7+KMvfVyGP+fgQIExYoIJ+KaZLZakQ+tOz/+CANxlVbLm3FI72z+KNxjzgm2
5949sPPohdW2SCoUQZuRe5t1wBjffXFuvDvGl4o5mb1kAFJ8+K4jJ47Z+O1/FvRA
veqDIzAy7EujhCPNOnpcuWcUvafjlW6I9HhYyl70911GYUjm0Zo1y3F4RvbaFiuZ
P9+gNreIqWAJWEkS7ja8Jjnl5DhkzvnSMJIarVca4pt2YnZnPyZJFiGf+C+G+UPQ
+zyHeFQGhwRbdDZd4CeMbFwccxlpkzTGXyntnQ/WgHnb1A3rK7JTyU4frqivMjyP
WAWO11kjZTD6/6rlLxvaTU0s94NoFoyKibDEc7fDwjFg3K2XiZs=
=Eu5k
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

robert-hooke_1.3.0-3_amd64.changes ACCEPTED into unstable

[Debian FTP Masters]

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Fri, 23 Dec 2016 12:18:19 +0100
Source: robert-hooke
Binary: librobert-hooke-clojure
Architecture: source all
Version: 1.3.0-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Emmanuel Bourg 
Description:
 librobert-hooke-clojure - Function wrapper library for Clojure
Changes:
 robert-hooke (1.3.0-3) unstable; urgency=medium
 .
   * Team upload.
   * Build depend on clojure (>= 1.8)
   * Standards-Version updated to 3.9.8
   * Switch to debhelper level 10
   * Use a secure Vcs-Git URL
Checksums-Sha1:
 73cc071ffa939f3af750c426edc34ab876189e23 2168 robert-hooke_1.3.0-3.dsc
 beab91fb6769e89ab346b3ebcb17b63f685a271d 7992 
robert-hooke_1.3.0-3.debian.tar.xz
 b02b1f911f61beab44a15b830b1a4e8f6bf0f4d4 12332 
librobert-hooke-clojure_1.3.0-3_all.deb
 8f55bac5bd04c435b032e23b9dd77be8819aecc1 9548 
robert-hooke_1.3.0-3_amd64.buildinfo
Checksums-Sha256:
 3d77a39f5a54db3f4069707131e37f660b3d51d87fc002ed1b7f71a9cec8d41a 2168 
robert-hooke_1.3.0-3.dsc
 8e7722dbc7fa2b7df1dcb921c1ca6ebe78bae2a1d2034d26ca860be0e40e91e0 7992 
robert-hooke_1.3.0-3.debian.tar.xz
 ad025e937a5dc36e16efc7068a3e2dad8ce00453a5eea14f7c694fe3bc4aea34 12332 
librobert-hooke-clojure_1.3.0-3_all.deb
 477c0d95d24d605e4bcfa42914e49ad670b0ac413d9d70fb7b527f506e10b270 9548 
robert-hooke_1.3.0-3_amd64.buildinfo
Files:
 0763f7fff4d360735e4748f4b2591786 2168 java optional robert-hooke_1.3.0-3.dsc
 e4fc0f1434213f389db864fded05e3b1 7992 java optional 
robert-hooke_1.3.0-3.debian.tar.xz
 36aa37d8c516cf92f2e1f2649f64e0c1 12332 java optional 
librobert-hooke-clojure_1.3.0-3_all.deb
 f895bde8701d9b58713d6d8646fda361 9548 java optional 
robert-hooke_1.3.0-3_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEuM5N4hCA3PkD4WxA9RPEGeS50KwFAlhdCB4ACgkQ9RPEGeS5
0Ky9Gg/+Jd+XquT3F4FHyDTEL8OJQHNmNCvbd7m7mcQPmwjAFU2855RWTYQNom8D
Hj3/SYninIM6sCHtJpkMA2USiSWiRQMr6zapi24kiDE7XamsbsnpsD/uvbYxGqwH
0l2u+PnoHrtjKqdrxji172oG+pO7gvkgFf6YhJdsPpLLx8YvvatlDFQ3JwFLuw+H
2+Q+oTrcRZ1bhb54Mb3TRddz3+2dadUYKpzmzM0KBlykkj7Jt4Tp/SPE7tVEBHEY
eKre8fYsLD9MRNFZr839+oIcja2xe0s84CUbZJgMqfieS9YL69a5WtH4ZGgTqSm5
zz3oHpA+gHqOEzzgxBRmnaJnu/DuI7gO6RCw1Cp+9X194+1Ls5kM9/IajK1oCevo
UzrehYClHPcwls/KW5sAFBIzroAT2roRKCxQdgzx6CkAUnDijc5/KH09EFyfVkfT
AStTUjRsC3k8/oiPzfXG+z/hugdvc3Qteta0GtU8lamnex1ZQ3iNbq80EzuP71xx
mdTxVKQZ5qdS5fxiqeTBOXYbQr1SONvUlOfxtN5CDYYF2rsfDHsuhJFGpH5SZDdH
rLwndulmq+D0ZyGehGLRtxW/NeVoK5xjKvElCXD/+iuRIJ2gtjsEbGvAGHm0/Xt/
o10C1NCU78gjd+Uw8wYXnn6VcGDbSm7zGZGDqcOs/l1Qq4HB5g8=
=iojK
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

libtools-macro-clojure_0.1.5-1_amd64.changes ACCEPTED into unstable

[Debian FTP Masters]

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Fri, 23 Dec 2016 12:12:26 +0100
Source: libtools-macro-clojure
Binary: libtools-macro-clojure
Architecture: source all
Version: 0.1.5-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Emmanuel Bourg 
Description:
 libtools-macro-clojure - Clojure tools for writing macros
Changes:
 libtools-macro-clojure (0.1.5-1) unstable; urgency=medium
 .
   * Team upload.
   * New upstream release
   * Build depend on clojure (>= 1.8)
   * Standards-Version updated to 3.9.8
   * Switch to debhelper level 10
   * Use secure Vcs-* URLs
   * Fixed debian/watch
Checksums-Sha1:
 9a5c67a119e8542155d1cce2e2b4724c75cb0e22 2186 
libtools-macro-clojure_0.1.5-1.dsc
 8a51aae9d7835159ea52f59c5774d7d7bd4f3701 9760 
libtools-macro-clojure_0.1.5.orig.tar.xz
 81216fd91708e3bbd6917c0715ff94d9a4a7bf59 6332 
libtools-macro-clojure_0.1.5-1.debian.tar.xz
 750dbb78438391d10696210ee5f2f034e4414027 12114 
libtools-macro-clojure_0.1.5-1_all.deb
 a586a1eb18958002d2f1b03c2b4bd4844785961e 9594 
libtools-macro-clojure_0.1.5-1_amd64.buildinfo
Checksums-Sha256:
 c348f8d4c2f4b35eeddc9c4b14a0821882ba1bf7d0bb490225b34612f18845ab 2186 
libtools-macro-clojure_0.1.5-1.dsc
 492fca7fc62711eb18aac7dc1c92e69d8822b3a9faa4e82e1e4e90ae19c30a3e 9760 
libtools-macro-clojure_0.1.5.orig.tar.xz
 2ab505e93ca4d1f5ca15d2abfac5f5c2550875966983f3868a4ad9b9129212ea 6332 
libtools-macro-clojure_0.1.5-1.debian.tar.xz
 ffe4b55108cc208f3c2244fcba67ddaa06164a1daadc69c23ca43a6c26a2e2a7 12114 
libtools-macro-clojure_0.1.5-1_all.deb
 aefb5f9728eea100cc6ab4874e4a94ecefeb74465b5061975fdf8d1d345c5686 9594 
libtools-macro-clojure_0.1.5-1_amd64.buildinfo
Files:
 5ddb1ad8245973d13c0e47fcb596521f 2186 java optional 
libtools-macro-clojure_0.1.5-1.dsc
 6414fdf1b929d9c1f6980655ea062d39 9760 java optional 
libtools-macro-clojure_0.1.5.orig.tar.xz
 50f74f0820821a5fb3cf0abb269ae0ca 6332 java optional 
libtools-macro-clojure_0.1.5-1.debian.tar.xz
 1f75163c0dd3a00f53adede856c5eed5 12114 java optional 
libtools-macro-clojure_0.1.5-1_all.deb
 4db98d7cb6b5b0359880b12baf5be349 9594 java optional 
libtools-macro-clojure_0.1.5-1_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEuM5N4hCA3PkD4WxA9RPEGeS50KwFAlhdBt8ACgkQ9RPEGeS5
0KyvHQ/+IBZ6f/4eL60YxMo9GxX0hQZ986BmIyOI21/IGtuc239HZimzkIhz9Tqe
5C34IdR0NwDKKgecGyqGvc7i0w8CSCAsrlPMMedgJgYKrxzGbdRbYCMtWVbCWA6P
0xFBvgZTEoqoJMWv324i/NkZo5gaS/FJnTirWUXQZAV3ouJLY8GaqIR4d8eXQdHd
dtQ/JXO2wYoM/+ykdw32cvZrZZdxEYvDNiNNJSUfbZyc84+c5nZLNJ36jIuIe06v
w7K+2fC94YmO7J/JrK1ebDmXWJfYxDFDmLHojfKPuYU+Po4kSmX3FHskSnVVC7lm
x1wxT+3CV5Boc4VvlzH9o0gglTU4T4FziP3BM3gDb8EnSjFTwmEmzlNHDm1TbkIs
jRX6GXcJ7+MWryrQ/A6Kzx3h6jiR2EdbAl0XEMQEKV98Qw7BXRNdFB56wlO6W/Ji
c/IEWsLGZfD69U1ydQraGggod6mZP2FyUhZfHaAvdF3dyyCA+nLv8jqkXFpJpQLk
SNoXWw7dVE8TNKEFO/AoM7fd22dJmzWBC7U4zmejiQRYe9RWoK09yuwid9kk/VSN
TOhcabp9lHi0tOzTjuLi1acOrGrHTkG7EnFBAbDD4Fppubsjyyc5ZHh3EkUNoZFd
gM4Ep6fp8gYtUbJA+HQfwf8UE+ofHizd3I+zh7Wk7xrDfz8PvKI=
=c620
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Processing of libdynapath-clojure_0.2.5-1_amd64.changes

[Debian FTP Masters]

libdynapath-clojure_0.2.5-1_amd64.changes uploaded successfully to localhost
along with the files:
  libdynapath-clojure_0.2.5-1.dsc
  libdynapath-clojure_0.2.5.orig.tar.xz
  libdynapath-clojure_0.2.5-1.debian.tar.xz
  libdynapath-clojure_0.2.5-1_all.deb
  libdynapath-clojure_0.2.5-1_amd64.buildinfo

Greetings,

Your Debian queue daemon (running on host usper.debian.org)

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

libtools-logging-clojure_0.2.3-5_amd64.changes ACCEPTED into unstable

[Debian FTP Masters]

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Fri, 23 Dec 2016 12:02:28 +0100
Source: libtools-logging-clojure
Binary: libtools-logging-clojure
Architecture: source all
Version: 0.2.3-5
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Emmanuel Bourg 
Description:
 libtools-logging-clojure - Logging macros for Clojure
Changes:
 libtools-logging-clojure (0.2.3-5) unstable; urgency=medium
 .
   * Team upload.
   * Build depend on clojure (>= 1.8)
   * Standards-Version updated to 3.9.8
   * Switch to debhelper level 10
   * Use secure Vcs-* URLs
   * Fixed debian/watch
Checksums-Sha1:
 fcd983e9476c817492e85471a99431892ea6c52e 2212 
libtools-logging-clojure_0.2.3-5.dsc
 f46d859581fce6403c1122b7fcd1c3b40e7cdd11 6464 
libtools-logging-clojure_0.2.3-5.debian.tar.xz
 f144385718676678d44e2434487e9cf31b3e326e 14326 
libtools-logging-clojure_0.2.3-5_all.deb
 57687686e47498b9c0269c56d4cfcff75bec227a 9612 
libtools-logging-clojure_0.2.3-5_amd64.buildinfo
Checksums-Sha256:
 5332859302660065af3c3f89cc624ff08f078ff852c4a8ded06ae424ee22d4b2 2212 
libtools-logging-clojure_0.2.3-5.dsc
 82eb02add2c050fb4d01af87f63669f3040cde46800d113d09bf9b600b3e4ba1 6464 
libtools-logging-clojure_0.2.3-5.debian.tar.xz
 657f4fd7d400a34094f6ad331008b2f82365917f0078386d520c2d8292ec7db6 14326 
libtools-logging-clojure_0.2.3-5_all.deb
 4db7bbf543e03fee1e96a06fdb2203e69217bd02e90d48c8d04bae652b546181 9612 
libtools-logging-clojure_0.2.3-5_amd64.buildinfo
Files:
 5f42a19b0efd76f14c7b5e6205d9977e 2212 java optional 
libtools-logging-clojure_0.2.3-5.dsc
 21db13692523963510dede342720e8fa 6464 java optional 
libtools-logging-clojure_0.2.3-5.debian.tar.xz
 72b1b7077c09d08c583810e47827b2a5 14326 java optional 
libtools-logging-clojure_0.2.3-5_all.deb
 1254c00e864f9de625089c68be0f34bf 9612 java optional 
libtools-logging-clojure_0.2.3-5_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEuM5N4hCA3PkD4WxA9RPEGeS50KwFAlhdBG0ACgkQ9RPEGeS5
0KwE2RAAxMh6QBoysQZE8MsKMaDJzfsfEmVjEVXu2V09ECXVXnayr+ESHabW8bW+
MN2PaFYGJ06e6ZRxtjFE0uc9cdKzLZDeReVFA/sSGzuZTKb0kfc2XpvZBVkfmn8c
3nPUmNzRWIgWFsMxFdKJ0OvIQRTACE+1FjWKAkgqTvahvG2IrkGMHIbw9A3dyCTq
cabfXSfa9/HgDLVUmgjEa3ur1ee2XbEowOYIDn+FMUTuLYi93Sd9W/7P5qaCB+qz
OMFQ0kFcJWJOMwWJ8B1TZKWXAeVQCxJby4m/6XpWaPvSr6Ia69gm9Nms5/gRR97T
YLnvrQ378HpqJ/005f9bTq4XXjhV2NEf0YMSz3ZF7FxUKihXcNCJvaAiixk4TtC9
GRjiI/eSobRY/TvGTXGoW1yL12LX6bkUcyT5TRBgVA8JbXzzLzFAlbAfnkffdEJF
8m7Uz7aSrM25r3xLHN0zjprC5sL16clEhiDy+SHRp7vnwMESMDt1HvRdCS+mVug8
kidQ/5fgdN+RhCQRASWXRDF+LAd3lXjAVa2a9PPMYeWO62EoX+96eFWshkg+6keG
z9c0B5GaS5o3tWa6gghGERuWwR7obzash05b+Q7E28WoMpwRpiv96C6NUqC+w5jM
BHLDBzBIQdvCxass5Scux8DV3Uf/S3moc+ag0km34qlWFSABrFQ=
=vyOT
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

tycho 0.25.0-1 MIGRATED to testing

[Debian testing watch]

FYI: The status of the tycho source package
in Debian's testing distribution has changed.

  Previous version: (not in testing)
  Current version:  0.25.0-1

-- 
This email is automatically generated once a day.  As the installation of
new packages into testing happens multiple times a day you will receive
later changes on the next day.
See https://release.debian.org/testing-watch/ for more information.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

libcommons-attributes-java REMOVED from testing

[Debian testing watch]

FYI: The status of the libcommons-attributes-java source package
in Debian's testing distribution has changed.

  Previous version: 2.2-8
  Current version:  (not in testing)
  Hint: Package not in unstable

The script that generates this mail tries to extract removal
reasons from comments in the britney hint files. Those comments
were not originally meant to be machine readable, so if the
reason for removing your package seems to be nonsense, it is
probably the reporting script that got confused. Please check the
actual hints file before you complain about meaningless removals.

-- 
This email is automatically generated once a day.  As the installation of
new packages into testing happens multiple times a day you will receive
later changes on the next day.
See https://release.debian.org/testing-watch/ for more information.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#845393: marked as done (CVE-2016-9774: privilege escalation via upgrade)

[Debian Bug Tracking System]

Your message dated Fri, 23 Dec 2016 18:32:35 +
with message-id 
and subject line Bug#845393: fixed in tomcat8 8.0.14-1+deb8u5
has caused the Debian Bug report #845393,
regarding CVE-2016-9774: privilege escalation via upgrade
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
845393: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845393
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: tomcat8
Version: 8.0.14-1+deb8u4
Severity: critical
Tags: security

Having installed tomcat8, the directory /etc/tomcat8/Catalina is set
writable by group tomcat8, as per the postinst script. Then the tomcat8
user, in the situation envisaged in DSA-3670 and DSA-3720, see also
  http://seclists.org/fulldisclosure/2016/Oct/4
could use something like commands
  mv -i /etc/tomcat8/Catalina/localhost /etc/tomcat8/Catalina/localhost-OLD
  ln -s /etc/shadow /etc/tomcat8/Catalina/localhost
to create a symlink:
  # ls -l /etc/tomcat8/Catalina/localhost
  lrwxrwxrwx 1 tomcat8 tomcat8 11 Nov 23 10:19 /etc/tomcat8/Catalina/localhost 
-> /etc/shadow
Then when the tomcat8 package is upgraded (e.g. for the next DSA),
the postinst script runs
  chmod 775 /etc/tomcat8/Catalina /etc/tomcat8/Catalina/localhost
and that will make the /etc/shadow file world-readable (and
group-writable). Other useful attacks might be to make the objects:
  /root/.Xauthority
  /etc/ssh/ssh_host_dsa_key
world-readable; or make something (already owned by group tomcat8)
group-writable (some "policy" setting maybe?).

Cheers, Paul

Paul Szabo   p...@maths.usyd.edu.au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of SydneyAustralia
--- End Message ---
--- Begin Message ---
Source: tomcat8
Source-Version: 8.0.14-1+deb8u5

We believe that the bug you reported is fixed in the latest version of
tomcat8, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 845...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Emmanuel Bourg  (supplier of updated tomcat8 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Sat, 17 Dec 2016 09:19:36 +0100
Source: tomcat8
Binary: tomcat8-common tomcat8 tomcat8-user libtomcat8-java libservlet3.1-java 
libservlet3.1-java-doc tomcat8-admin tomcat8-examples tomcat8-docs
Architecture: source all
Version: 8.0.14-1+deb8u5
Distribution: jessie-security
Urgency: high
Maintainer: Debian Java Maintainers 

Changed-By: Emmanuel Bourg 
Description:
 libservlet3.1-java - Servlet 3.1, JSP 2.3, EL 3.0 and WebSocket 1.0 Java API 
classes
 libservlet3.1-java-doc - Servlet 3.1, JSP 2.3, EL 3.0 and WebSocket 1.0 Java 
API documenta
 libtomcat8-java - Apache Tomcat 8 - Servlet and JSP engine -- core libraries
 tomcat8- Apache Tomcat 8 - Servlet and JSP engine
 tomcat8-admin - Apache Tomcat 8 - Servlet and JSP engine -- admin web 
application
 tomcat8-common - Apache Tomcat 8 - Servlet and JSP engine -- common files
 tomcat8-docs - Apache Tomcat 8 - Servlet and JSP engine -- documentation
 tomcat8-examples - Apache Tomcat 8 - Servlet and JSP engine -- example web 
applicati
 tomcat8-user - Apache Tomcat 8 - Servlet and JSP engine -- tools to create user
Closes: 845385 845393
Changes:
 tomcat8 (8.0.14-1+deb8u5) jessie-security; urgency=high
 .
   * Fixed CVE-2016-9774: Potential privilege escalation when the tomcat8
 package is upgraded. Thanks to Paul Szabo for the report (Closes: #845393)
   * Fixed CVE-2016-9775: Potential privilege escalation when the tomcat8
 package is purged. Thanks to Paul Szabo for the report (Closes: #845385)
   * Fixed CVE-2016-6816: The code that parsed the HTTP request line permitted
 invalid characters. This could be exploited, in conjunction with a proxy
 that also permitted the invalid characters but with a different
 interpretation, to inject data into the HTTP response. By manipulating the
 HTTP response the attacker could poison a web-cache, perform an XSS attack
 and/or obtain sensitive information from requests other 

Bug#845385: marked as done (CVE-2016-9775: privilege escalation via removal)

[Debian Bug Tracking System]

Your message dated Fri, 23 Dec 2016 18:32:35 +
with message-id 
and subject line Bug#845385: fixed in tomcat8 8.0.14-1+deb8u5
has caused the Debian Bug report #845385,
regarding CVE-2016-9775: privilege escalation via removal
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
845385: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845385
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: tomcat8
Version: 8.0.14-1+deb8u4
Severity: critical
Tags: security

Having installed tomcat8, the directory /etc/tomcat8/Catalina is set
writable by group tomcat8, as per the postinst script. Then the tomcat8
user, in the situation envisaged in DSA-3670 and DSA-3720, see also
  http://seclists.org/fulldisclosure/2016/Oct/4
could use something like commands
  touch /etc/tomcat8/Catalina/attack
  chmod 2747 /etc/tomcat8/Catalina/attack
to create a file:
  # ls -l /etc/tomcat8/Catalina/attack
  -rwxr-Srwx 1 tomcat8 tomcat8 0 Nov 23 09:00 /etc/tomcat8/Catalina/attack
Then if the tomcat8 package is removed (purged?), the postrm script runs
  chown -Rhf root:root /etc/tomcat8/
and that will leave the file world-writable, setgid root:
  # ls -l /etc/tomcat8/Catalina/attack
  -rwxr-Srwx 1 root root 0 Nov 23 09:00 /etc/tomcat8/Catalina/attack
allowing "group root" access to the world.

Cheers, Paul

Paul Szabo   p...@maths.usyd.edu.au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of SydneyAustralia
--- End Message ---
--- Begin Message ---
Source: tomcat8
Source-Version: 8.0.14-1+deb8u5

We believe that the bug you reported is fixed in the latest version of
tomcat8, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 845...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Emmanuel Bourg  (supplier of updated tomcat8 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Sat, 17 Dec 2016 09:19:36 +0100
Source: tomcat8
Binary: tomcat8-common tomcat8 tomcat8-user libtomcat8-java libservlet3.1-java 
libservlet3.1-java-doc tomcat8-admin tomcat8-examples tomcat8-docs
Architecture: source all
Version: 8.0.14-1+deb8u5
Distribution: jessie-security
Urgency: high
Maintainer: Debian Java Maintainers 

Changed-By: Emmanuel Bourg 
Description:
 libservlet3.1-java - Servlet 3.1, JSP 2.3, EL 3.0 and WebSocket 1.0 Java API 
classes
 libservlet3.1-java-doc - Servlet 3.1, JSP 2.3, EL 3.0 and WebSocket 1.0 Java 
API documenta
 libtomcat8-java - Apache Tomcat 8 - Servlet and JSP engine -- core libraries
 tomcat8- Apache Tomcat 8 - Servlet and JSP engine
 tomcat8-admin - Apache Tomcat 8 - Servlet and JSP engine -- admin web 
application
 tomcat8-common - Apache Tomcat 8 - Servlet and JSP engine -- common files
 tomcat8-docs - Apache Tomcat 8 - Servlet and JSP engine -- documentation
 tomcat8-examples - Apache Tomcat 8 - Servlet and JSP engine -- example web 
applicati
 tomcat8-user - Apache Tomcat 8 - Servlet and JSP engine -- tools to create user
Closes: 845385 845393
Changes:
 tomcat8 (8.0.14-1+deb8u5) jessie-security; urgency=high
 .
   * Fixed CVE-2016-9774: Potential privilege escalation when the tomcat8
 package is upgraded. Thanks to Paul Szabo for the report (Closes: #845393)
   * Fixed CVE-2016-9775: Potential privilege escalation when the tomcat8
 package is purged. Thanks to Paul Szabo for the report (Closes: #845385)
   * Fixed CVE-2016-6816: The code that parsed the HTTP request line permitted
 invalid characters. This could be exploited, in conjunction with a proxy
 that also permitted the invalid characters but with a different
 interpretation, to inject data into the HTTP response. By manipulating the
 HTTP response the attacker could poison a web-cache, perform an XSS attack
 and/or obtain sensitive information from requests other then their own.
   * Fixed CVE-2016-8735: The JmxRemoteLifecycleListener was not updated to take
 account of Oracle's fix for CVE-2016-3427. Therefore, Tomcat installations
 using this listener 

Bug#846298: marked as done (tomcat7: Security update causes java.lang.ClassNotFoundException: org.apache.jasper.runtime.JspRuntimeLibrary$PrivilegedIntrospectHelper)

[Debian Bug Tracking System]

Your message dated Fri, 23 Dec 2016 18:32:34 +
with message-id 
and subject line Bug#846298: fixed in tomcat7 7.0.56-3+deb8u6
has caused the Debian Bug report #846298,
regarding tomcat7: Security update causes java.lang.ClassNotFoundException: 
org.apache.jasper.runtime.JspRuntimeLibrary$PrivilegedIntrospectHelper
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
846298: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=846298
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---

Package: tomcat7
Version: 7.0.56-3+deb8u5
Severity: important

I applied the latest security update and it broke tomcat completely. The logs
show:

SEVERE: SecurityClassLoad
java.lang.ClassNotFoundException: 
org.apache.jasper.runtime.JspRuntimeLibrary$PrivilegedIntrospectHelper
at java.net.URLClassLoader$1.run(URLClassLoader.java:366)
at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
at java.lang.ClassLoader.loadClass(ClassLoader.java:425)
at java.lang.ClassLoader.loadClass(ClassLoader.java:358)
at 
org.apache.jasper.security.SecurityClassLoad.securityClassLoad(SecurityClassLoad.java:49)
at 
org.apache.jasper.compiler.JspRuntimeContext.(JspRuntimeContext.java:82)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:278)
at 
org.apache.catalina.core.JasperListener.lifecycleEvent(JasperListener.java:63)
at 
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
at 
org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90)
at 
org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:402)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:99)
at org.apache.catalina.startup.Catalina.load(Catalina.java:638)
at org.apache.catalina.startup.Catalina.load(Catalina.java:663)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:280)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:454)

Nov 29, 2016 5:11:13 PM org.apache.catalina.core.JasperListener lifecycleEvent
WARNING: Couldn't initialize Jasper
java.lang.ExceptionInInitializerError
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:278)
at 
org.apache.catalina.core.JasperListener.lifecycleEvent(JasperListener.java:63)
at 
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
at 
org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90)
at 
org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:402)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:99)
at org.apache.catalina.startup.Catalina.load(Catalina.java:638)
at org.apache.catalina.startup.Catalina.load(Catalina.java:663)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:280)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:454)
Caused by: java.lang.IllegalStateException: java.lang.ClassNotFoundException: 
org.apache.jasper.runtime.JspRuntimeLibrary$PrivilegedIntrospectHelper
at 
org.apache.jasper.compiler.JspRuntimeContext.(JspRuntimeContext.java:99)
... 15 more
Caused by: java.lang.ClassNotFoundException: 
org.apache.jasper.runtime.JspRuntimeLibrary$PrivilegedIntrospectHelper
at java.net.URLClassLoader$1.run(URLClassLoader.java:366)
at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
at 

Bug#845425: marked as done (DataSource no longer accessible since jessie security update)

[Debian Bug Tracking System]

Your message dated Fri, 23 Dec 2016 18:32:34 +
with message-id 
and subject line Bug#845425: fixed in tomcat7 7.0.56-3+deb8u6
has caused the Debian Bug report #845425,
regarding DataSource no longer accessible since jessie security update
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
845425: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845425
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: tomcat7
Version: 7.0.56-3+deb8u5
Severity: normal

After the security update 7.0.56-3+deb8u5, I get an error message:

ALLVARLIG: Servlet.service() for servlet [Faces Servlet] in context with
path [/mech] threw exception [Filter execution threw an exception] with
root cause
org.hibernate.HibernateException: Unable to determine appropriate
DataSource to use

This seems likely to be connected with the fix for bug #842666, but I am
not expert enough to determine whether this is due to misconfiguration,
a problem with the fix, a problem in Hibernate, or ...

It used to work with 7.0.56-3+deb8u4, and downgrading to 7.0.56-3+deb8u3
from stable also restores the functionality.

/etc/tomcat7/server.xml:
...
  
...
   
   
...
  
...

webapp/META-INF/context.xml:

  


Thanks,
Arne
--- End Message ---
--- Begin Message ---
Source: tomcat7
Source-Version: 7.0.56-3+deb8u6

We believe that the bug you reported is fixed in the latest version of
tomcat7, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 845...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Emmanuel Bourg  (supplier of updated tomcat7 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Fri, 09 Dec 2016 17:54:59 +0100
Source: tomcat7
Binary: tomcat7-common tomcat7 tomcat7-user libtomcat7-java libservlet3.0-java 
libservlet3.0-java-doc tomcat7-admin tomcat7-examples tomcat7-docs
Architecture: source all
Version: 7.0.56-3+deb8u6
Distribution: jessie-security
Urgency: high
Maintainer: Debian Java Maintainers 

Changed-By: Emmanuel Bourg 
Description:
 libservlet3.0-java - Servlet 3.0 and JSP 2.2 Java API classes
 libservlet3.0-java-doc - Servlet 3.0 and JSP 2.2 Java API documentation
 libtomcat7-java - Servlet and JSP engine -- core libraries
 tomcat7- Servlet and JSP engine
 tomcat7-admin - Servlet and JSP engine -- admin web applications
 tomcat7-common - Servlet and JSP engine -- common files
 tomcat7-docs - Servlet and JSP engine -- documentation
 tomcat7-examples - Servlet and JSP engine -- example web applications
 tomcat7-user - Servlet and JSP engine -- tools to create user instances
Closes: 845425 846298
Changes:
 tomcat7 (7.0.56-3+deb8u6) jessie-security; urgency=high
 .
   * Fixed CVE-2016-9774: Potential privilege escalation when the tomcat7
 package is upgraded. Thanks to Paul Szabo for the report (see #845393)
   * Fixed CVE-2016-9775: Potential privilege escalation when the tomcat7
 package is purged. Thanks to Paul Szabo for the report (see #845385)
   * Fixed CVE-2016-6816: The code that parsed the HTTP request line permitted
 invalid characters. This could be exploited, in conjunction with a proxy
 that also permitted the invalid characters but with a different
 interpretation, to inject data into the HTTP response. By manipulating the
 HTTP response the attacker could poison a web-cache, perform an XSS attack
 and/or obtain sensitive information from requests other then their own.
   * Fixed CVE-2016-8735: The JmxRemoteLifecycleListener was not updated to take
 account of Oracle's fix for CVE-2016-3427. Therefore, Tomcat installations
 using this listener remained vulnerable to a similar remote code execution
 vulnerability. This issue has been rated as important rather than critical
 due to the small number of installations using this listener and that it
 would be highly unusual for the JMX ports to be accessible to an attacker
 even when the listener is used.
   * Backported the fix for upstream bug 57377: Remove the restriction that
 prevented 

tomcat8_8.0.14-1+deb8u5_amd64.changes ACCEPTED into proposed-updates->stable-new, proposed-updates

[Debian FTP Masters]

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Sat, 17 Dec 2016 09:19:36 +0100
Source: tomcat8
Binary: tomcat8-common tomcat8 tomcat8-user libtomcat8-java libservlet3.1-java 
libservlet3.1-java-doc tomcat8-admin tomcat8-examples tomcat8-docs
Architecture: source all
Version: 8.0.14-1+deb8u5
Distribution: jessie-security
Urgency: high
Maintainer: Debian Java Maintainers 

Changed-By: Emmanuel Bourg 
Description:
 libservlet3.1-java - Servlet 3.1, JSP 2.3, EL 3.0 and WebSocket 1.0 Java API 
classes
 libservlet3.1-java-doc - Servlet 3.1, JSP 2.3, EL 3.0 and WebSocket 1.0 Java 
API documenta
 libtomcat8-java - Apache Tomcat 8 - Servlet and JSP engine -- core libraries
 tomcat8- Apache Tomcat 8 - Servlet and JSP engine
 tomcat8-admin - Apache Tomcat 8 - Servlet and JSP engine -- admin web 
application
 tomcat8-common - Apache Tomcat 8 - Servlet and JSP engine -- common files
 tomcat8-docs - Apache Tomcat 8 - Servlet and JSP engine -- documentation
 tomcat8-examples - Apache Tomcat 8 - Servlet and JSP engine -- example web 
applicati
 tomcat8-user - Apache Tomcat 8 - Servlet and JSP engine -- tools to create user
Closes: 845385 845393
Changes:
 tomcat8 (8.0.14-1+deb8u5) jessie-security; urgency=high
 .
   * Fixed CVE-2016-9774: Potential privilege escalation when the tomcat8
 package is upgraded. Thanks to Paul Szabo for the report (Closes: #845393)
   * Fixed CVE-2016-9775: Potential privilege escalation when the tomcat8
 package is purged. Thanks to Paul Szabo for the report (Closes: #845385)
   * Fixed CVE-2016-6816: The code that parsed the HTTP request line permitted
 invalid characters. This could be exploited, in conjunction with a proxy
 that also permitted the invalid characters but with a different
 interpretation, to inject data into the HTTP response. By manipulating the
 HTTP response the attacker could poison a web-cache, perform an XSS attack
 and/or obtain sensitive information from requests other then their own.
   * Fixed CVE-2016-8735: The JmxRemoteLifecycleListener was not updated to take
 account of Oracle's fix for CVE-2016-3427. Therefore, Tomcat installations
 using this listener remained vulnerable to a similar remote code execution
 vulnerability. This issue has been rated as important rather than critical
 due to the small number of installations using this listener and that it
 would be highly unusual for the JMX ports to be accessible to an attacker
 even when the listener is used.
   * Backported the fix for upstream bug 57377: Remove the restriction that
 prevented the use of SSL when specifying a bind address for the JMX/RMI
 server. Enable SSL to be configured for the registry as well as the server.
   * CVE-2016-5018 follow-up: Applied a missing modification fixing
 a ClassNotFoundException when the security manager is enabled (see #846298)
   * CVE-2016-6797 follow-up: Fixed a regression preventing some applications
 from accessing the global resources (see #845425)
   * CVE-2015-5345 follow-up: Applied a missing modification to DefaultServlet
   * Backported a fix for a test failure in Test*NonLoginAndBasicAuthenticator
 with recent JREs
   * Backported a fix disabling the broken SSLv3 tests
   * Refreshed the expired SSL certificates used by the tests
   * Set the locale when running the tests to prevent locale sensitive tests
 from failing
   * Added asm-all.jar to the test classpath to fix TestWebappServiceLoader
   * Fixed a test failure in the new TestNamingContext test added with the fix
 for CVE-2016-6797
   * Test failures are no longer ignored and now stop the build
Checksums-Sha1:
 863b3c4d475bde4e869f4ebaebf67118dae4b9f9 2842 tomcat8_8.0.14-1+deb8u5.dsc
 9ad63d0fddca86cfd97e8fca65563247e80a718b 70888 
tomcat8_8.0.14-1+deb8u5.debian.tar.xz
 c983ffb5480273647fbc13c0dfcd845fd4cdaf38 57498 
tomcat8-common_8.0.14-1+deb8u5_all.deb
 c758773f15b912d448024e4495125af61bb093a8 47000 tomcat8_8.0.14-1+deb8u5_all.deb
 b2c8c6de94ce645dcbafcfd4ea597293f063a78f 34530 
tomcat8-user_8.0.14-1+deb8u5_all.deb
 feef6365326e829ebf29af02e6c9395a7294f824 4587212 
libtomcat8-java_8.0.14-1+deb8u5_all.deb
 aaa54d72e7ecf58eb9c7e342771cfded676b1650 391938 
libservlet3.1-java_8.0.14-1+deb8u5_all.deb
 0e664137717a28a462964aef6effb4ccf88b0f74 247386 
libservlet3.1-java-doc_8.0.14-1+deb8u5_all.deb
 2e4b17b7870ded1623f89ee22bf61d7bcc835c5e 35942 
tomcat8-admin_8.0.14-1+deb8u5_all.deb
 c7c874c57df41fdf45c8932136bfd8616960 194150 
tomcat8-examples_8.0.14-1+deb8u5_all.deb
 cc2e6a53b27dda1e2ad95d0a7abe92fc7eaed4d2 688960 
tomcat8-docs_8.0.14-1+deb8u5_all.deb
Checksums-Sha256:
 03a05dc2b15e3241270a7e99c7f5a6afde2fc875dcda8461727970cf5f1b88c8 2842 
tomcat8_8.0.14-1+deb8u5.dsc
 2c56c1343672f97fd42b1b38b82716f92fd7a7d3f1006782de3b014973daa30d 70888 
tomcat8_8.0.14-1+deb8u5.debian.tar.xz
 

tomcat7_7.0.56-3+deb8u6_amd64.changes ACCEPTED into proposed-updates->stable-new, proposed-updates

[Debian FTP Masters]

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Fri, 09 Dec 2016 17:54:59 +0100
Source: tomcat7
Binary: tomcat7-common tomcat7 tomcat7-user libtomcat7-java libservlet3.0-java 
libservlet3.0-java-doc tomcat7-admin tomcat7-examples tomcat7-docs
Architecture: source all
Version: 7.0.56-3+deb8u6
Distribution: jessie-security
Urgency: high
Maintainer: Debian Java Maintainers 

Changed-By: Emmanuel Bourg 
Description:
 libservlet3.0-java - Servlet 3.0 and JSP 2.2 Java API classes
 libservlet3.0-java-doc - Servlet 3.0 and JSP 2.2 Java API documentation
 libtomcat7-java - Servlet and JSP engine -- core libraries
 tomcat7- Servlet and JSP engine
 tomcat7-admin - Servlet and JSP engine -- admin web applications
 tomcat7-common - Servlet and JSP engine -- common files
 tomcat7-docs - Servlet and JSP engine -- documentation
 tomcat7-examples - Servlet and JSP engine -- example web applications
 tomcat7-user - Servlet and JSP engine -- tools to create user instances
Closes: 845425 846298
Changes:
 tomcat7 (7.0.56-3+deb8u6) jessie-security; urgency=high
 .
   * Fixed CVE-2016-9774: Potential privilege escalation when the tomcat7
 package is upgraded. Thanks to Paul Szabo for the report (see #845393)
   * Fixed CVE-2016-9775: Potential privilege escalation when the tomcat7
 package is purged. Thanks to Paul Szabo for the report (see #845385)
   * Fixed CVE-2016-6816: The code that parsed the HTTP request line permitted
 invalid characters. This could be exploited, in conjunction with a proxy
 that also permitted the invalid characters but with a different
 interpretation, to inject data into the HTTP response. By manipulating the
 HTTP response the attacker could poison a web-cache, perform an XSS attack
 and/or obtain sensitive information from requests other then their own.
   * Fixed CVE-2016-8735: The JmxRemoteLifecycleListener was not updated to take
 account of Oracle's fix for CVE-2016-3427. Therefore, Tomcat installations
 using this listener remained vulnerable to a similar remote code execution
 vulnerability. This issue has been rated as important rather than critical
 due to the small number of installations using this listener and that it
 would be highly unusual for the JMX ports to be accessible to an attacker
 even when the listener is used.
   * Backported the fix for upstream bug 57377: Remove the restriction that
 prevented the use of SSL when specifying a bind address for the JMX/RMI
 server. Enable SSL to be configured for the registry as well as the server.
   * CVE-2016-5018 follow-up: Applied a missing modification fixing
 a ClassNotFoundException when the security manager is enabled
 (Closes: #846298)
   * CVE-2016-6797 follow-up: Fixed a regression preventing some applications
 from accessing the global resources (Closes: #845425)
   * CVE-2015-5345 follow-up: Added a missing modification enabling the use of
 the mapperContextRootRedirectEnabled and mapperDirectoryRedirectEnabled
 attributes on a context.
   * Backported a fix for a test failure in Test*NonLoginAndBasicAuthenticator
 with recent JREs
   * Refreshed the expired SSL certificates used by the tests
   * Set the locale when running the tests to prevent locale sensitive tests
 from failing
   * Fixed a test failure in the new TestNamingContext test added with the fix
 for CVE-2016-6797
   * Fixed a test failure in TestResourceBundleELResolver
   * Reduced the verbosity of the tests
Checksums-Sha1:
 f515f7a7fb70ea78d53a961509968615992c1ccd 2758 tomcat7_7.0.56-3+deb8u6.dsc
 8b3a36fea4e5d86815f4230d5eeb1ac0b179b209 89984 
tomcat7_7.0.56-3+deb8u6.debian.tar.xz
 605223126836be410caca78b0ee2f303d261e7fb 63598 
tomcat7-common_7.0.56-3+deb8u6_all.deb
 9a47f0581bfbff62745e6b307e878c19e8a0ebb1 52578 tomcat7_7.0.56-3+deb8u6_all.deb
 da05b5aa94cb92f0134d174c679262311821f7e3 39956 
tomcat7-user_7.0.56-3+deb8u6_all.deb
 e61dedf5deb25c0558f775c7a2d3e5f973ea538e 3628460 
libtomcat7-java_7.0.56-3+deb8u6_all.deb
 c7e3bba59decd0ac74b7c9b9822e013f085303d0 315966 
libservlet3.0-java_7.0.56-3+deb8u6_all.deb
 2f3a110bba17e31c051e0daef417a142168a8c29 206570 
libservlet3.0-java-doc_7.0.56-3+deb8u6_all.deb
 d94179fa60b701dc38c57521fcfd8517a2601766 40890 
tomcat7-admin_7.0.56-3+deb8u6_all.deb
 88ed030e1c4cb32967d0e23594ef460941aafaf2 198736 
tomcat7-examples_7.0.56-3+deb8u6_all.deb
 33479c785c758c5ac746b1eb0dd46a04a3998ae2 603878 
tomcat7-docs_7.0.56-3+deb8u6_all.deb
Checksums-Sha256:
 051837a099da5e5abd64bac4bc910d76feb17bcecf9f871477d26023d0218621 2758 
tomcat7_7.0.56-3+deb8u6.dsc
 92f958bd0040baab247c06ba153cab3c587930f8eae530ee695870af92668c6b 89984 
tomcat7_7.0.56-3+deb8u6.debian.tar.xz
 6925b315cca1d7f1aa9048be13431d2b0071cc6bfd9644bc3e60ac53e0c4ce0f 63598 
tomcat7-common_7.0.56-3+deb8u6_all.deb
 55a25a7fd14f8ccbbd3d453f0ca8ca7b228d5e5a76b1e8c4d9d2b56371e1d120 52578 

Processing of jboss-xnio_3.4.3-1_source.changes

[Debian FTP Masters]

jboss-xnio_3.4.3-1_source.changes uploaded successfully to localhost
along with the files:
  jboss-xnio_3.4.3-1.dsc
  jboss-xnio_3.4.3.orig.tar.gz
  jboss-xnio_3.4.3-1.debian.tar.xz

Greetings,

Your Debian queue daemon (running on host usper.debian.org)

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

jboss-xnio_3.4.3-1_source.changes ACCEPTED into unstable

[Debian FTP Masters]

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 24 Dec 2016 00:13:22 +0100
Source: jboss-xnio
Binary: libjboss-xnio-java libjboss-xnio-java-doc
Architecture: source
Version: 3.4.3-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Markus Koschany 
Description:
 libjboss-xnio-java - simplified low-level I/O layer for NIO
 libjboss-xnio-java-doc - Documentation for jboss-xnio
Changes:
 jboss-xnio (3.4.3-1) unstable; urgency=medium
 .
   * New upstream version 3.4.3.
   * jboss-xnio requires OpenJDK 8 from now on.
Checksums-Sha1:
 9413c591294522047ca3931f04167096ab85430a 2390 jboss-xnio_3.4.3-1.dsc
 0379abf6e3070231f7ef6e36154b6f0c866a280c 392306 jboss-xnio_3.4.3.orig.tar.gz
 4ee332e3a911f5a631fd644f6a43879867442b4b 5504 jboss-xnio_3.4.3-1.debian.tar.xz
Checksums-Sha256:
 a9d78534bcbd61663174265d66a48f3a6bff78384cd684b2db25f82b99834a55 2390 
jboss-xnio_3.4.3-1.dsc
 06caaa03fb9ec6468b725140490b227692ef3b53d72313b5af230b83bcec425d 392306 
jboss-xnio_3.4.3.orig.tar.gz
 6598ee633806a6d9a1bb770ba6ca827a826b4b728a6639b297b659ac3337d4bf 5504 
jboss-xnio_3.4.3-1.debian.tar.xz
Files:
 300067a31a2ad1d0fef7b3f9c65a9d63 2390 java optional jboss-xnio_3.4.3-1.dsc
 130d36dd874b8f0d9d77c5bb8cd85e6e 392306 java optional 
jboss-xnio_3.4.3.orig.tar.gz
 1a70188746454a46395688027c66134b 5504 java optional 
jboss-xnio_3.4.3-1.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlhdtWlfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkoyEP/jXqC9keMCaM+uuihOt2T9Ie/yWQy8pc1+3Q
fiOxssMR5o9FUTTihzuRM2oKkGxKyKCVbJdKRc3HwemX2BdKJ8yGSIJjUt9loG/T
Ar3j7Vz5UjNuQJnhI8IW+qQzPoO3hvXLcy8+8TdpXKRLcBQvhtXzq7vkydY2dcsB
F+iLuF+Zumd9cl5ts3hEny9GdiWCYeJEztuX0+Mw1homsih4Tdn2Ue5gQsO5ajlJ
WXHOJ0Nkar6Xue7hH+d41CGimRoH43pwykqTx702pWyFg6rcVpFzcUaCNOMhJlIz
4gTtN4+/M8PmJ9ZVZ8x0MMTpU+wOuW8sl7ad4a7FzmjCcD7oewUiCpltP+6BZvRr
GffPHbuz+zU5l+e4y+7nWsMOZqK+O6BgTl7q9BNCCRtzxUGWRMpiJbQjV/qdq6NV
bsK7zM7ytEo/oAIp8dafs71/WfV9lkrrifXj3zoEgV95L+9oA/907Bqy3vNfbJFM
931+HhTTDAkDKn+T0dFmbGMAL/dRcXAqcCs+7SBQG77IjoxFBufkiEaCLd9X0deV
M6VjKOgt358OkdI8QC2fK4KyYuUlS0OWnW9YcrRF+enfCqGx05V8/zolA3OSqiyH
Nba+1U1ta35buTNMCM2GpEdrrvVjHcITJZ3mTmtOJddzh4oczMhHjlufrpBOli3E
Vaa58VBu
=6mgO
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

jboss-logging_3.3.0-2_source.changes ACCEPTED into unstable

[Debian FTP Masters]

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 24 Dec 2016 00:52:05 +0100
Source: jboss-logging
Binary: libjboss-logging-java libjboss-logging-java-doc
Architecture: source
Version: 3.3.0-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Markus Koschany 
Description:
 libjboss-logging-java - JBoss Logging Framework
 libjboss-logging-java-doc - Documentation for the JBoss Logging Framework
Changes:
 jboss-logging (3.3.0-2) unstable; urgency=medium
 .
   * Switch to compat level 10.
   * Switch from cdbs to dh sequencer.
   * Vcs-Git: Use https.
   * Update my email address.
   * Declare compliance with Debian Policy 3.9.8.
Checksums-Sha1:
 d6599086a0cb14344c7d1166537e54f09c5b8f13 2391 jboss-logging_3.3.0-2.dsc
 cd425adb4f04ed956111c785798055d90f5bce72 3644 
jboss-logging_3.3.0-2.debian.tar.xz
Checksums-Sha256:
 09676bbb2cf7fe102a97fcca9484b4a33f5233a2564bbe9e77887f29a86207ca 2391 
jboss-logging_3.3.0-2.dsc
 cfafc3d1fee528821390de83838b00fc41cb44ee49b5606a8f3a19ebd38c89a8 3644 
jboss-logging_3.3.0-2.debian.tar.xz
Files:
 051a0a00e0e420e159733c1fced70cd8 2391 java optional jboss-logging_3.3.0-2.dsc
 8a7ff41689ba50212adcb8705d8c4a13 3644 java optional 
jboss-logging_3.3.0-2.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlhduf5fFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1Hk9iwP/1RhobVxuoTVNSvDX9EWO/MVJaCnZDBCoMKJ
phy3f7B6AWXjMi4EvNE474JvKyVEfhSfCKvgW4iCtLJrv8MUXJ70V8dkwGydGTr5
+r89caVnVSEt393SEoS84rc/KBeuqcpk5Jf9+Blmqu/HJBSkKEiixI4Zo4feTt/M
Q+CN76nqwHNgU5uYTjxLceG/Oq3Ulhvag0UxCkY3uzpOUEt80QTWCxLfHkClQXjS
W04w1pCPbQ3EtRVMHaKwg1vfvCQqfJyyrv4NL/9xyy19sBSevRPK4aEbySvchJtb
kUgYwG+rMcNQZMC+ihhF23gvJWuJjpd1ZGxl1yC4jO5yOtJA8vrexYUgU9Df7TH5
lLdG7R9PUvusI2kPX4ayxZUCEVq6Fu8wcu6xCf8AAd9ChcOaMAhvYA5+KDHjQXy6
jw6zEvJeD+AceFKNkvr0IdOnFWgUEfZc+xqIzhXL1Subo6md5V4mkifBf2F+k8yf
WUZ1qdLW0WAmYUYtcZLFkGFId+nyzxMajK0cJ1GPYhf5uTUU9eGeBvUUmFBMZwBP
5jL2+nOBAcbA6MWr+ItfR1bnOkt6spEdF3avORvmGVqEvlrlb4B8R1RzzB2UfOWZ
5IHlfGg2jEL8h9GVrdS3T81zm+YI+9DCsqaO3tE46MMq8Yr8bW41Vig+HGhBW38k
Z5URzOKI
=8/tz
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

jboss-classfilewriter_1.1.2-2_source.changes ACCEPTED into unstable

[Debian FTP Masters]

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 24 Dec 2016 01:05:56 +0100
Source: jboss-classfilewriter
Binary: libjboss-classfilewriter-java libjboss-classfilewriter-java-doc
Architecture: source
Version: 1.1.2-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Markus Koschany 
Description:
 libjboss-classfilewriter-java - bytecode writer that creates .class files at 
runtime
 libjboss-classfilewriter-java-doc - Documentation for JBoss Class File Writer
Changes:
 jboss-classfilewriter (1.1.2-2) unstable; urgency=medium
 .
   * Switch to compat level 10.
   * Declare compliance with Debian Policy 3.9.8.
   * Vcs-Git: Use https.
   * Update my email address.
Checksums-Sha1:
 681d9853001b4440715f192fb58569b407fec2ce 2462 jboss-classfilewriter_1.1.2-2.dsc
 51b95df5cbee626ff80dd106e5380b716d36f2ee 2656 
jboss-classfilewriter_1.1.2-2.debian.tar.xz
Checksums-Sha256:
 d717ede5156dfe55f3ec3436ccae2af2aa6d138614ab9fc2fe8f60f9e75fff5b 2462 
jboss-classfilewriter_1.1.2-2.dsc
 91fdcd39d9b1e8debdfa8c1faaeb9e5bd4c6952015203254c8c679df8c8aa517 2656 
jboss-classfilewriter_1.1.2-2.debian.tar.xz
Files:
 f9506550e806c4f98416cb93a5214a42 2462 java optional 
jboss-classfilewriter_1.1.2-2.dsc
 381afc91d852d18eb5b11c99f0a2bd52 2656 java optional 
jboss-classfilewriter_1.1.2-2.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlhdvuFfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1Hk/GwQANG/lEJaHTkE9I0nodJBzJayaK1xyCI1oyvm
8NdtrNxrTM73QDR7ugRloVjV5MlQW8UQ4iCUEpE6oIYFGZ7zXA22wrJTLStKwcf4
TjRcukRjLS/P67cD006IpPVhgzs7w8bBOazw6m3nNyXCHj2FlR6ASCAMrJK47KIj
VlWWtApZaTOYcKPc8KQivqOksHop8srppfkAkhL8eYRlZ73twtVWwoDonKXiJn1j
3QHH3kpPTmmGgBUtrjtuCxe7n1LpwTy0svo8XU+LW6dcOdUZyRqmkitMR9K64Tv6
FrzWHKiHptJp/v/N8GX1MCJ1OiZ6m9vPcE8JNOwbEuGTvGnFTsn1VCLbMDQGFfBl
qsP+p1PDRGz3jH+ubeAxENUcT1EuYrA4/two9Sq6I6AqI96KfVT1RtVVVz4HFZhw
KAofTUCE7vuO60rAR7rFOONCfZPpCgVcZtmLFT29/uiWVTBhG7uQpLOMjDXficgg
vP/FAfAXP2jEQyqljFgqUd6f/jCIMBsz0fUsBA7yPldG7rzP8aqLZXJQ3TVL+Iaw
96W07rqitv5JPBrdJPBlb+0AeEhj4fciFUDEDqiNc50AqJqA8RubaXsX4v954FcF
+xMbVhHz4P0xCOf6DI1pijlVPEaEjO7RObEzIByHaKKdJ6DeLvFR5EN/t4D0UHp1
2XhHahma
=VNSn
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Processing of jboss-logging_3.3.0-2_source.changes

[Debian FTP Masters]

jboss-logging_3.3.0-2_source.changes uploaded successfully to localhost
along with the files:
  jboss-logging_3.3.0-2.dsc
  jboss-logging_3.3.0-2.debian.tar.xz

Greetings,

Your Debian queue daemon (running on host usper.debian.org)

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Processing of jboss-classfilewriter_1.1.2-2_source.changes

[Debian FTP Masters]

jboss-classfilewriter_1.1.2-2_source.changes uploaded successfully to localhost
along with the files:
  jboss-classfilewriter_1.1.2-2.dsc
  jboss-classfilewriter_1.1.2-2.debian.tar.xz

Greetings,

Your Debian queue daemon (running on host usper.debian.org)

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

jalview is marked for autoremoval from testing

[Debian testing autoremoval watch]

jalview 2.7.dfsg-5 is marked for autoremoval from testing on 2017-01-09

It (build-)depends on packages with these RC bugs:
843464: jmol: FTBFS (RawPacketWriter() has private access in RawPacketWriter)


__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.