Hi,
Am 13.08.2018 um 13:23 schrieb Andreas Tille:
[...]
> I tried hard to add junit4.jar to the classpath but my attempts failed.
> It should be done in the latest quilt patch in test/build-test.xml but
> I have no idea how to use it properly (I actually think all *.jar in
> /usr/share/java are
Control: tag -1 pending
Hello,
Bug #893302 in lwjgl reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below, and you can check the diff of the fix at:
On Tue, 17 Jul 2018 22:18:57 +0300 Juhani Numminen
wrote:
[...]
> Ah, it is the lovely -Werror.
>
> It seems that gcc-8 build succeeds when I add this line in debian/rules:
>
> export DEB_CXXFLAGS_MAINT_APPEND = -Wno-error
I think this is sensible here. I will update the package as soon as
Source: undertow
Version: 1.4.25-1
Severity: serious
I am filing this bug report to prevent the migration of undertow to
testing and subsequently being part of the next stable release Debian
10, "Buster". This was also briefly discussed with the Security Team.
Reasons:
- Undertow is regularly
Control: tag -1 pending
Hello,
Bug #893312 in lombok reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below, and you can check the diff of the fix at:
Control: tag -1 pending
Hello,
Bug #897533 in sunflow reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below, and you can check the diff of the fix at:
Package: jetty9
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for jetty9.
CVE-2017-7656[0]:
| In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all
| configurations), and 9.4.x (non-default configuration with RFC2616
|
+0200
@@ -1,3 +1,11 @@
+ditaa (0.10+ds1-1.2) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Work around the FTBFS with Java 10 by removing the JavadocTaglet class.
+(Closes: #897494)
+
+ -- Markus Koschany Wed, 13 Jun 2018 23:03:10 +0200
+
ditaa (0.10+ds1-1.1) unstable; urgency
Hi Salvatore,
Am 08.06.2018 um 22:38 schrieb Salvatore Bonaccorso:
> Hi Markus,
>
> On Tue, Jun 05, 2018 at 02:52:58PM +0200, Markus Koschany wrote:
>> Control: tags -1 patch
>>
>> Dear maintainer,
>>
>> I've prepared a patch fixing CVE-2018-7225.
Control: reopen -1
It seems there is another issue with libequinox-osgi-java. Building
Netbeans from source works again but I still get the NullPointerException.
signature.asc
Description: OpenPGP digital signature
Control: severity -1 normal
Control: tags -1 moreinfo
On Sat, 2 Jun 2018 12:18:22 +0200 Salvo Tomaselli
wrote:
> severity 248496 grave
> thanks
>
> Raising priority, since the game does not run at all and the package
> seems completely abandoned.
>
> If I'm right, the package will eventually
Control: severity -1 normal
Control: retitle -1 desmume: clarify ConvertUTF license header
Am 01.06.2018 um 22:25 schrieb Bastien ROUCARIES:
> On Fri, Jun 1, 2018 at 10:21 PM, Markus Koschany wrote:
>>
>> Am 01.06.2018 um 22:16 schrieb Bastien ROUCARIES:
>> [...]
>>&
Am 01.06.2018 um 22:16 schrieb Bastien ROUCARIES:
[...]
> No it is not a lintian bug. Unicode withdraw this code before applying
> the license change.
>
> Exhibit 1 does not apply in this case.
>
>>
>> http://www.unicode.org/copyright.html#Exhibit1
>>
>> Also see https://bugs.debian.org/864729
Hi,
Am 01.06.2018 um 21:58 schrieb Bastien ROUCARIÈS:
> Package: desmume
> Severity: serious
>
> The following file source files include material under a non-free license
> from
> Unicode Inc. Therefore, it is not possible to ship this in main or contrib.
>
> src/utils/ConvertUTF.c
>
> This
Hello,
Am 25.05.2018 um 21:50 schrieb Josh Blagden:
> Hi folks,
>
> I just wanted to make the observation that Debian has had the same
> version of Eclipse for the last six years. When can we expect to see a
> new version to the Debian repository?
Maybe when a solar and lunar eclipse happen
Package: zookeeper
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Fixed: 3.4.10-1
Hi,
The following vulnerability was published for zookeeper.
CVE-2018-8012[0]:
| No authentication/authorization is enforced when a server attempts to
| join a quorum in Apache ZooKeeper
Control: reassign 898483 libphysfs
Control: retitle 898484 physfs: setWriteDir creates an empty file
Control: found 898484 3.0.1-1
Hi,
Am 17.05.2018 um 06:43 schrieb Ryan C. Gordon:
>
> Upstream patch is here:
>
> https://hg.icculus.org/icculus/physfs/rev/a29fef4a20fd
>
> I have one other
Control: tags -1 pending
I still can't upgrade to the new SDL2 version of raincat because
haskell-mixer-sdl2 and haskell-image-sdl2 or similar packages are
currently not available in Debian.
However the fix seems to be trivial. The import statement is wrong and
should be Items.Items instead of
Am 14.05.2018 um 22:21 schrieb Rafi Rubin:
> The dependencies for 3.8.1-11 end up requiring libequinox-osgi-java >=
> 3.9.1 (through eclipse-rcp), which doesn't have
> /usr/lib/eclipse/plugins/org.eclipse.osgi_3.8.1.dist.jar
>
>
> Going back to stable, 3.8.1-10 for the eclipse packages at least
Hello Patrick,
Am 12.05.2018 um 16:19 schrieb James Cowgill:
[...]
> I think this is a bug in libphysfs 3.0.1. It seems that in this version
> (unlike 2.0.3), PHYSFS_setWriteDir has the side effect of creating an
> empty file if the path it is given does not exist. This will later cause
>
Control: tags -1 confirmed
Am 12.05.2018 um 15:06 schrieb Lumin:
> Package: lincity-ng
> Version: 2.9~git20150314-3
> Severity: serious
>
> Dear lincity-ng maintainer,
>
> When there is no ~/.lincity-ng directory under user's home, lincity-ng
> will fail on start.
>
> ~ ❯❯❯ lincity-ng
>
I have pushed an update of raincat to
https://salsa.debian.org/games-team/raincat
I believe the new upstream release will address this issue but even if
not it should be doable to fix this.
I'm currently waiting for haskell-sdl2 which is in the NEW queue.
Markus
signature.asc
Description:
Control: reassign -1 src:eclipse
Control: retitle: Missing symlink of org.eclipse.osgi jar
Hello,
thank you for the bug report. The symlink must be created in the eclipse
package though.
Regards,
Markus
signature.asc
Description: OpenPGP digital signature
SS vulnerability in homepage attribute
+when displayed via gem server.
+ * Fix CVE-2018-179: Directory Traversal vulnerability in gem installation
+that can result in writing to arbitrary filesystem locations during
+installation of malicious gems.
+ (Closes: #895778)
+
+ -- Markus Kos
Am 25.04.2018 um 03:09 schrieb Michael Gilbert:
> On Mon, Apr 23, 2018 at 4:57 PM, Markus Koschany wrote:
>> lwjgl 2.9.3 is a legacy release from 2015. It is the last version of the
>> 2.x series and no longer supported. Upstream moved to lwjgl 3. If nobody
>> can fix th
Control: forwarded -1 https://savannah.nongnu.org/bugs/index.php?53734
signature.asc
Description: OpenPGP digital signature
. Upstream moved to lwjgl 3. If nobody
can fix this we should consider to remove lwjgl because the new version
3 would require new Kotlin build dependencies and more.
Markus
From: Markus Koschany <a...@debian.org>
Date: Mon, 23 Apr 2018 22:30:13 +0200
Subject: java9
---
src/java/org/lwjg
Package: lucene-solr
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for lucene-solr.
CVE-2018-1308[0]:
| This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1
| relates to an XML external entity expansion (XXE) in
Package: glusterfs
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for glusterfs.
CVE-2018-1088[0]:
| A privilege escalation flaw was found in gluster 3.x snapshot
| scheduler. Any gluster client allowed to mount gluster
buildflag variable CFLAGS instead of
+DEBCFLAGS. This will also ensure that the -dbgsym package is created
+correctly.
+ * Fix error "format-not-a-string-literal".
+
+ -- Markus Koschany <a...@debian.org> Wed, 18 Apr 2018 03:18:08 +0200
+
acm (5.0-29.1) unstable; urgency=m
I've fixed the original errors in Javac.java but there are more later on
due to our friend OpenPain 9. I had no choice but to upgrade to a newer
lombok version. Now I'm stuck because ecj can't be found.
Markus
signature.asc
Description: OpenPGP digital signature
Source: ecj
Version: 3.13.2-2
Severity: serious
while I was having some fun with lombok, I discovered that ecj is just
a virtual package and not installable. I don't think that's intended.
Markus
ian/rules that prevented the use of
+correct file permissions and thus made the game unusable.
+Thanks to Aaron Howell for the report. (Closes: #875547)
+
+ -- Markus Koschany <a...@debian.org> Mon, 16 Apr 2018 19:21:27 +0200
+
animals (201207131226-2) unstable; urgency=medium
* Swi
I intend to work on the patches for Jessie and Stretch. Unstable could
be a bit more complicated due to the FTBFS with OpenJDK 9.
Markus
signature.asc
Description: OpenPGP digital signature
Package: jruby
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for jruby. Apparently
rubygems is embedded into jruby which makes it vulnerable to.
CVE-2018-179[0]:
| RubyGems version Ruby 2.2 series: 2.2.9 and earlier,
-08-29 08:18:47.0 +0200
+++ dita-ot-1.5.3/debian/changelog 2018-04-14 00:56:09.0 +0200
@@ -1,3 +1,10 @@
+dita-ot (1.5.3-2.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Add encoding.patch and fix FTBFS with Java 9. (Closes: #893129)
+
+ -- Markus Koschany
-11-04 23:10:51.0 +0100
+++ sat4j-2.3.5/debian/changelog2018-04-13 18:54:47.0 +0200
@@ -1,3 +1,10 @@
+sat4j (2.3.5-0.3) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Add encoding.patch and fix FTBFS with Java 9. (Closes: #893411)
+
+ -- Markus Koschany
This package has no reverse-dependencies. It has been in "maintenance
mode" upstream since 2012.
https://sourceforge.net/projects/jdbm/
https://github.com/jankotek/JDBM3
The author then worked on JDBM4
https://github.com/jankotek/JDBM4
which became mapdb
https://github.com/jankotek/mapdb
Control: tags -1 confirmed
I had a look at this package. Despite the fact that we use the magic
--ignore-source-errors option we get a ClassCastException from OpenJDK
9. I wonder if this is rather a bug in OpenJDK 9 than in libhibernate3-java.
Markus
signature.asc
Description: OpenPGP digital
Control: reassign -1 src:proguard
Hi,
this is a proguard bug. Version 5.3.3-1 works for me but 6.0.1-1 fails.
The reason is that the gradle.ProguardTask class is not included in
proguard-base.jar. The gradle/build.sh script requires the existence of
Gradle, fails to detect it because proguard
Am 28.03.2018 um 23:34 schrieb Francesco Poli:
> On Sat, 24 Mar 2018 15:22:12 +0100 Markus Koschany wrote:
>
>> Am 24.03.2018 um 00:17 schrieb Francesco Poli:
> [...]
>>> Was the debian-legal discussion pointed out to the FTP Masters?
>>> Did they explain th
Am 28.03.2018 um 22:35 schrieb Emmanuel Bourg:
> Le 28/03/2018 à 22:29, Markus Koschany a écrit :
>
>> I'm just wondering, we never had 3.0.0-3 of maven-bundle-plugin in
>> Debian. How did it get fixed and what does maven-bundle-plugin do now to
>> make those Java modul
Hi,
I'm just wondering, we never had 3.0.0-3 of maven-bundle-plugin in
Debian. How did it get fixed and what does maven-bundle-plugin do now to
make those Java modules accessible? I thought this was an issue of the
application build system and not a general tool chain problem. Just
asking because
Am 28.03.2018 um 15:13 schrieb Adrian Bunk:
> Control: reopen -1
>
>> Date: Wed, 28 Mar 2018 14:19:30 +0200
>> From: Markus Koschany <a...@debian.org>
>> To: 893382-d...@bugs.debian.org
>> Subject: Re: osgi-foundation-ee FTBFS with openjdk-9
>>
>&
Am 26.03.2018 um 07:55 schrieb Andreas Tille:
> On Sun, Mar 25, 2018 at 11:56:18PM +0200, Emmanuel Bourg wrote:
>> Le 25/03/2018 à 19:55, tony mancill a écrit :
[...]
>>> (b) relaxing the default pkg-java permissions to be like those of the
>>> Debian Perl Team and allow all DDs by default
>>
I could solve one part of the build issues with Java 9 but I am stuck with
"/build/jboss-xnio-3.6.2/api/src/main/java/java/nio/channels/FileChannel.java:[19,1]
package exists in another module: java.base
"
I have read about the new --patch-modules option but I am not sure if
this is the right
Hi tony,
Am 25.03.2018 um 06:26 schrieb tony mancill:
[...]
> I'm going to upload to experimental momentarily and ask others on the
> Java Team if there any concern about uploading Gradle 3.4 to unstable.
Let's do it. I remember there were two failing packages with Gradle 3.4
but BND might be
Am 24.03.2018 um 00:17 schrieb Francesco Poli:
> On Thu, 22 Mar 2018 18:30:53 +0100 Markus Koschany wrote:
>
>> Am 19.03.2018 um 22:28 schrieb Francesco Poli (wintermute):
> [...]
>>> I noticed that the license was
>>> [discussed](https://lists.debian.org/d
Am 20.03.2018 um 23:13 schrieb Emmanuel Bourg:
> I got a quick look, the source encoding is easily fixed and the
> org.apache.axis.enum was long deprecated and can be removed. But there
> is more than that. Axis implements interfaces from javax.xml.soap that
> were upgraded in Java 9, so Axis
clone 893236 -1
reassign -1 src:openjdk-9
retitle -1 openjdk9: NullPointerException when building MethodSubHeader
forwarded -1 https://bugs.openjdk.java.net/browse/JDK-8199307
thanks
The NullPointerException looks like an OpenJDK bug to me. This was
already reported upstream. The doclint feature
Am 19.03.2018 um 09:30 schrieb Andreas Tille:
> package com.sun.istack.internal is not visible
With OpenJDK 9 com.sun.* API is no longer accessible unless you
explicitly tell the compiler to export the module which provides said
functionality.
I presume passing
--add-exports
Hello Andreas,
Am 18.03.2018 um 09:30 schrieb Andreas Tille:
> Control: tags -1 help
>
> On Sat, Mar 17, 2018 at 10:07:50PM +0200, Adrian Bunk wrote:
>> ...
>> CMake Error at docs/CMakeLists.txt:212 (message):
>> Cannot generate java documentation, please specify the Java_JAVADOC_JAR.
>
> I
On Sat, 17 Mar 2018 16:23:26 +0200 Adrian Bunk wrote:
> Source: libjchart2d-java
> Version: 3.2.2+dfsg2-1
> Severity: serious
>
> https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/libjchart2d-java.html
>
> ...
> BUILD FAILED
>
Koschany <a...@debian.org> Sun, 04 Mar 2018 16:22:40 +0100
+
jtb (1.4.12-1) unstable; urgency=medium
[ Markus Koschany ]
diff -Nru jtb-1.4.12/debian/jtb.poms jtb-1.4.12/debian/jtb.poms
--- jtb-1.4.12/debian/jtb.poms 2018-01-07 19:46:40.0 +0100
+++ jtb-1.4.12/debian/jtb.poms 2018
reassign -1 src:jtb
On Fri, 2 Mar 2018 12:54:36 +0100 Markus Koschany <a...@debian.org> wrote:
> Hi,
>
> Am 02.03.2018 um 06:33 schrieb Tiago Daitx:
> > Hi,
> >
> > A simple relocation in jtb fixed the FTBFS - tested for surefire,
> > javacc-maven-p
Link to patch:
https://github.com/undertow-io/undertow/commit/1bc0c275aadf5835abfbd3835d5d78095c2f1cf5
signature.asc
Description: OpenPGP digital signature
Control: severity -1 grave
Control: block -1 by 882525
Am 03.03.2018 um 05:30 schrieb Gustavo Castro:
> Package: netbeans
> Version: 8.1+dfsg3-4
> Severity: critical
> Justification: breaks unrelated software
> Tags: a11y
It does not really break unrelated software but thanks for reporting.
I
Am 03.03.2018 um 11:32 schrieb 殷啟聰 | Kai-Chung Yan:
> I propose to bring back Maven Dependency Tree 2.x as a new package that
> coexists with its latest version.
>
> Even in the latest (3.5.0) version, Maven Bundle Plugin still uses those
> deprecated APIs in Maven Dependency Tree 2.x. These
Control: severity -1 important
I am no longer sure undertow is affected. The issue is marked resolved
upstream and one of the fixing commits
https://github.com/wildfly/wildfly/pull/10748/files
indicates the bug was in WildFly's undertow extension but not in
Undertow itself. I keep this bug
Source: undertow
Version: 1.4.8-1+deb9u1
Severity: grave
Tags: security
Forwarded: https://issues.jboss.org/browse/WFLY-9620
A flaw was found in Wildfly 9.x. A path traversal vulnerability
through the
org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource
method could lead
Source: undertow
Version: 1.4.8-1+deb9u1
Severity: grave
Tags: security
Forwarded: https://issues.jboss.org/browse/UNDERTOW-1245
It was found that the AJP connector in undertow, as shipped in Jboss
EAP 7.1.0.GA, does not use the ALLOW_ENCODED_SLASH option and thus
allow the the slash / anti-slash
Hi,
Am 02.03.2018 um 06:33 schrieb Tiago Daitx:
> Hi,
>
> A simple relocation in jtb fixed the FTBFS - tested for surefire,
> javacc-maven-plugin, hawtbuf, avro-java, and activemq-protobuf.
Thank you very much for the investigation. I can NMU the package if
Ludovico is currently to busy.
Am 28.02.2018 um 04:52 schrieb Jeremy Bicha:
> monster-masher is one of the last two packages in Debian unstable
> depending on esound. (And even if that were fixed, monster-masher
> depends on several other GNOME2 libraries that are being removed.)
>
> monster-masher has been unmaintained
FTR: I don't intend to port this game to Gnome 3 and there is no
upstream activity at the moment. If nobody steps up to fix this issue I
will request the removal of gamazons before Buster freezes.
Markus
signature.asc
Description: OpenPGP digital signature
Am 11.02.2018 um 08:42 schrieb Sébastien Delafond:
[...]
> Hi Markus,
>
> thanks a lot for patches. I've reviewed them, and your approach is
> sound: please upload.
>
> Cheers,
>
> --Seb
Hi Seb,
thanks for the review. I've just uploaded both packages.
Cheers,
Markus
signature.asc
Package: libspring-java
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
the following vulnerability was published for libspring-java.
I intend to fix this in sid/buster by uploading 4.3.14.
CVE-2018-1199[0]:
Security bypass with static resources
If you fix the
So apparently in libmaven-dependency-tree-java 3.0.1-1 the devs decided
to rename the word tree to graph...There were some other issues though
and I was not sure how to proceed. I had a look at the Fedora package
and they patched maven-enforcer to work with Maven 3 but they also added
a dependency
On Wed, 15 Nov 2017 18:01:07 +0200 Adrian Bunk wrote:
[...]
> I tried to sort out what I could find as required for getting the
> ancient eclipse out of testing in [1]:
>
> 1. src:bnd
> You fixed that already.
>
> 2. batik -> maven -> guice -> libspring-java -> aspectj ->
Am 01.02.2018 um 23:29 schrieb Emmanuel Bourg:
> Le 01/02/2018 à 23:02, Markus Koschany a écrit :
>
>> This issue was caused by commons-httpclient due to the switch from Ant
>> to Maven in version 3.1-13. The OSGi metadata is currently missing in
>> the Manifest file
Control: reassign -1 commons-httpclient
Control: retitle -1 Missing OSGi metadata breaks Eclipse
Control: tags -1 pending
Control: affects -1 src:eclipse
On Sun, 6 Aug 2017 17:55:36 -0400 Lucas Nussbaum wrote:
> Source: eclipse
> Version: 3.8.1-10
> Severity: serious
> Tags:
Hi folks,
Am 25.01.2018 um 15:23 schrieb Salvatore Bonaccorso:
> Hi Markus,
>
> On Thu, Jan 25, 2018 at 02:40:10PM +0100, Markus Koschany wrote:
>> Hi,
>>
>> On Wed, 24 Jan 2018 23:02:44 +0100 Salvatore Bonaccorso
>> <car...@debian.org> wrote:
>>&g
Hi,
On Wed, 24 Jan 2018 23:02:44 +0100 Salvatore Bonaccorso
wrote:
> Source: jackson-databind
> Version: 2.9.1-1
> Severity: grave
> Tags: patch security upstream
> Forwarded: https://github.com/FasterXML/jackson-databind/issues/1899
> Control: found -1 2.8.6-1+deb9u2
>
Am 10.01.2018 um 22:30 schrieb Juhani Numminen:
> Hi,
>
> Markus Koschany kirjoitti 10.01.2018 klo 18:46:
>
>> there are even more candidates. I don't intend to port them to Gnome 3
>> and will eventually request their removal from Debian. There is still
>> time un
Control: severity -1 important
Am 05.01.2018 um 11:55 schrieb Ludovic CHEVALIER:
> Package: pdfsam
> Version: 3.3.5-1
> Severity: grave
> Justification: renders package unusable
>
> Dear Maintainer,
>
> I can't launch pdfsam. Here is the traceback:
>
> Exception in thread "main"
Hi,
I suggest to continue the conversation in private. You can contact me
for future uploads directly. Should I be unresponsive, please ask for
sponsorship on the debian-games mailing list and someone will hopefully
help you. Have you considered to become a Debian maintainer?
Am 28.12.2017 um
On Thu, 28 Dec 2017 12:47:01 +0100 bret curtis wrote:
> Hello Bret,
>
> There are two things going on here. One is that libopenscenegraph
> needs to be rebuilt since that specific (version) gdal package (so
> many dependencies down) is no longer available. Look at the apt
>
Am 23.12.2017 um 04:32 schrieb Jeremy Bicha:
> Source: monster-masher
> Version: 1.8.1-7
> Severity: serious
> User: pkg-gnome-maintain...@lists.alioth.debian.org
> Usertags: oldlibs gconf gconfmm
> Tags: sid buster
> X-Debbugs-CC: vch...@debian.org
>
> monster-masher Build-Depends and Depends on
Control: owner -1 !
I'm working on a fix right now.
Markus
signature.asc
Description: OpenPGP digital signature
Am 05.12.2017 um 19:13 schrieb Andreas Tille:
> On Tue, Dec 05, 2017 at 07:05:23PM +0100, Emmanuel Bourg wrote:
>> Le 05/12/2017 à 18:48, Andreas Tille a écrit :
>>
>>> So either I'm doing this CLASSPATH definition wrong or it does not help.
>>
>> I think you have to use "export CLASSPATH" in
Control: reassign -1 src:eclipselink
I am going to fix this bug in eclipselink. It is still not clear to me
why absolute classpaths don't work for eclipselink but there is a
solution, so no need to keep the package in this FTBFS state.
Markus
signature.asc
Description: OpenPGP digital
Am 01.12.2017 um 13:49 schrieb Juhani Numminen:
> Control: tags -1 patch
>
> Hello!
>
> I made attal to build again by removing "#undef __USE_ISOC99", so I'm
> adding the patch tag.
>
> However, as I don't know why those undefs were added in the first place,
> so this change might be breaking
Control: reassign -1 src:gradle
Control: found -1 3.2.1-5
Control: fixed -1 3.4.1-2
Hi,
I'm going to reassign this bug to gradle because the issue is really in
gradle 3.2.1. It is fixed in 3.4.1-2 in experimental. Mockito will build
from source again as soon as gradle 3.4.1 is uploaded to
Am 03.12.2017 um 13:29 schrieb Adrian Bunk:
> Package: libjaxb-java
> Version: 2.3.0-3
> Severity: serious
> Control: affects -1 src:eclipselink
Hi,
Thanks for reporting. I had a look at this but I can't find the mistake
in libjaxb-java. The difference between 2.3.0-2 and 2.3.0-3 is that we
use
Control: reassign -1 src:jaxb
Control: found -1 2.3.0-1
Control: forwarded -1 https://github.com/javaee/jaxb-v2/issues/1144
Control: affects -1 src:netbeans
I'm going to reassign this bug to jaxb because there are currently two
issues with this package. The jar files on the classpath used
Control: tags -1 confirmed
Am 20.11.2017 um 00:27 schrieb Gilles Filippini:
> Source: mockito
> Version: 1.10.19-2
> Severity: serious
> Justification: FTBFS
>
> Hi,
>
> While testing a build of mockito against a new json-simple releae I've
> experienced a FTBFS which is reproducible when
Control: tags -1 patch
Hi,
I had to fix the same issue in asc.
https://anonscm.debian.org/git/pkg-games/asc.git/tree/debian/patches/libphysfs-3.0.1.patch
Regards,
Markus
signature.asc
Description: OpenPGP digital signature
Am 09.11.2017 um 21:34 schrieb Jeremy Bicha:
[...]
> Have you considered dropping the libswt-webkit-gtk-3-jni dependency
> from eclipse-rcp? Then the swt-gtk source package could stop building
> libswt-webkit-gtk-3-jni and we could complete the webkitgtk removal
> from Debian Testing.
>
> Thanks,
Hello,
updated packages for testing are available at:
https://people.debian.org/~roberto/
Any feedback is appreciated. Roberto's analysis of the problem can be
found at:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881162#41
Thanks
Markus
signature.asc
Description: OpenPGP digital
Thank you for the report. There was a recent security update of Tomcat 7
which is the likely cause for this issue.
Roberto can you take a look please?
Regards,
Markus
signature.asc
Description: OpenPGP digital signature
On Fri, 3 Nov 2017 21:48:21 +0100 Salvatore Bonaccorso
wrote:
[...]
> It's likely that Red Hat just used the approeach as
> https://github.com/letonez/libpam4j/commit/84f32f4001fc6bdcc125ccc959081de022d18b6d
> and referenced from https://github.com/kohsuke/libpam4j/issues/18 .
Am 03.11.2017 um 21:48 schrieb Salvatore Bonaccorso:
[...]
> It's likely that Red Hat just used the approeach as
> https://github.com/letonez/libpam4j/commit/84f32f4001fc6bdcc125ccc959081de022d18b6d
> and referenced from https://github.com/kohsuke/libpam4j/issues/18 .
>
> The issue arises because
On Wed, 18 Oct 2017 13:29:19 +0200 Emmanuel Bourg wrote:
> Upstream has moved to GitHub [1] and the last update was released in
> 2014 but the security issue is still not fixed [2].
>
> This was a dependency of Jenkins which is now gone. There is a slim
> chance that this
-2017-15953, CVE-2017-15954 and CVE-2017-15955.
+bchunk was vulnerable to a heap-based buffer overflow with an resultant
+invalid free when processing a malformed CUE (.cue) file that may lead to
+the execution of arbitrary code or a application crash.
+
+ -- Markus Koschany <a...@debian.
Am 01.11.2017 um 22:04 schrieb Adrian Bunk:
> On Wed, Nov 01, 2017 at 09:23:32PM +0100, Markus Koschany wrote:
>> Am 01.11.2017 um 20:47 schrieb Jeremy Bicha:
>>> On Fri, Oct 20, 2017 at 6:24 PM, Emmanuel Bourg <ebo...@apache.org> wrote:
>>>> Le 20/1
Am 01.11.2017 um 20:47 schrieb Jeremy Bicha:
> On Fri, Oct 20, 2017 at 6:24 PM, Emmanuel Bourg wrote:
>> Le 20/10/2017 à 23:52, Jeremy Bicha a écrit :
>>
>>> Never mind. I tried doing the dak queries and I eventually got more
>>> than 500 reverse-depends before I gave up.
Control: owner -1 !
I am working on this bug and jblas and I intend to package the latest
upstream release.
signature.asc
Description: OpenPGP digital signature
Am 21.10.2017 um 00:24 schrieb Emmanuel Bourg:
> Le 20/10/2017 à 23:52, Jeremy Bicha a écrit :
>
>> Never mind. I tried doing the dak queries and I eventually got more
>> than 500 reverse-depends before I gave up. (Attached)
>
> Funny, I never realized that src:eclipse was basically holding most
Am 20.10.2017 um 15:26 schrieb Simon McVittie:
> On Fri, 20 Oct 2017 at 14:36:06 +0200, Markus Koschany wrote:
>> If you insist on severity
>> serious for such a problem, then bug reports with the same severity
>> should be filed against packages
>>
>> a) that d
Am 20.10.2017 um 06:42 schrieb Helmut Grohne:
> On Thu, Oct 19, 2017 at 10:52:41PM +0200, Markus Koschany wrote:
>> I am quoting:
>>
>> https://sources.debian.net/src/glee/5.4.0-2/configure/
>>
>> The license is very liberal. You can argue that it should be
Am 19.10.2017 um 22:34 schrieb Adrian Bunk:
> On Thu, Oct 19, 2017 at 08:23:24PM +0200, Markus Koschany wrote:
>> ...
>> In my opinion the configure script of glee is DFSG-compliant and
>> suitable for main. The license states:
>>
>> # Copyright (C) 2
501 - 600 of 1147 matches
Mail list logo