Source: netty
Version: 1:4.1.48-9
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for netty.
CVE-2024-29025[0]:
| Netty is an asynchronous event-driven network application framework
| for rapid
Source: commons-configuration2
Version: 2.8.0-2
Severity: important
Tags: security upstream
Forwarded: https://issues.apache.org/jira/browse/CONFIGURATION-841
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for commons-configuration2.
Source: commons-configuration2
Version: 2.8.0-2
Severity: important
Tags: security upstream
Forwarded: https://issues.apache.org/jira/browse/CONFIGURATION-840
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for commons-configuration2.
Source: zookeeper
Version: 3.9.1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for zookeeper.
CVE-2024-23944[0]:
| Information disclosure in persistent watchers handling in Apache
| ZooKeeper
Source: tomcat10
Version: 10.1.16-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for tomcat10.
CVE-2024-23672[0]:
| Denial of Service via incomplete cleanup vulnerability in Apache
| Tomcat. It
Source: tomcat10
Version: 10.1.16-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for tomcat10.
CVE-2024-24549[0]:
| Denial of Service due to improper input validation vulnerability for
| HTTP/2
Source: jboss-xnio
Version: 3.8.10-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for jboss-xnio.
CVE-2023-5685[0]:
| StackOverflowException when the chain of notifier states becomes
|
Source: jetty9
Version: 9.4.53-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/jetty/jetty.project/issues/11256
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for jetty9.
CVE-2024-22201[0]:
| Jetty is a Java based
Source: libcommons-compress-java
Version: 1.25.0-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 1.22-1
Hi,
The following vulnerability was published for libcommons-compress-java.
CVE-2024-26308[0]:
| Allocation of Resources
Source: libcommons-compress-java
Version: 1.25.0-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 1.22-1
Control: found -1 1.20-1
Hi,
The following vulnerability was published for libcommons-compress-java.
CVE-2024-25710[0]:
Source: openrefine
Version: 3.7.7-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for openrefine.
Markus, please adjust severity if you think grave/RC severity is not
appropriate. openrefine updates
Source: libowasp-antisamy-java
Version: 1.7.4-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libowasp-antisamy-java.
CVE-2024-23635[0]:
| AntiSamy is a library for performing fast,
Source: shiro
Version: 1.3.2-5
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for shiro.
CVE-2023-46749[0]:
| path traversal attack
If you fix the vulnerability please also make sure to include
Source: axis
Version: 1.4-29
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 1.4-28
Control: found -1 1.4-28+deb12u1
Hi,
The following vulnerability was published for axis.
CVE-2023-51441[0]:
| ** UNSUPPORTED WHEN ASSIGNED **
Source: jline3
Version: 3.3.1-3
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for jline3.
CVE-2023-50572[0]:
| An issue in the component GroovyEngine.execute of jline-groovy
| v3.24.1 allows
Source: jayway-jsonpath
Version: 2.0.0-5
Severity: minor
X-Debbugs-Cc: car...@debian.org
Hi
The homepage referenced in the Homepage control fields redirects to
https://github.com/json-path/JsonPath which seems to be the new home.
Might be worth updating in any next upload.
Regards,
Salvatore
On Mon, Dec 04, 2023 at 08:57:52PM +0100, Salvatore Bonaccorso wrote:
> Source: logback
> Version: 1:1.2.11-4
> Severity: important
> Tags: security upstream
> X-Debbugs-Cc: car...@debian.org, Debian Security Team
>
> Control: found -1 1:1.2.11-3
>
> Hi,
>
Source: logback
Version: 1:1.2.11-4
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 1:1.2.11-3
Hi,
The following vulnerability was published for logback.
CVE-2023-6378[0]:
| A serialization vulnerability in logback receiver
Control: clone -1 -2 -3
Control: retitle -2 tiles: Add README.Debian.security to document support status
Control: reassign -3 src:debian-security-support
Control: retitle -3 Mark tiles as only supported for building applications
shipped in Debian
Hi,
On Sun, Dec 03, 2023 at 03:35:31PM +0100,
Source: tiles
Version: 3.0.7-5
Severity: important
Tags: security upstream
X-Debbugs-Cc: a...@debian.org, ebo...@apache.org, car...@debian.org, Debian
Security Team
Hi,
The following vulnerability was published for tiles.
CVE-2023-49735[0]:
| ** UNSUPPORTED WHEN ASSIGNED ** The value set as
Source: tomcat10
Version: 10.1.15-1
Severity: important
Tags: security upstream fixed-upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for tomcat10.
CVE-2023-46589[0]:
| Improper Input Validation vulnerability in Apache Tomcat. Tomcat
Source: derby
Version: 10.14.2.0-2
Severity: important
Tags: security upstream
Forwarded: https://issues.apache.org/jira/browse/DERBY-7147
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for derby.
CVE-2022-46337[0]:
| A cleverly devised
Source: bouncycastle
Version: 1.72-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for bouncycastle.
CVE-2023-33202[0]:
| Bouncy Castle for Java before 1.73 contains a potential Denial of
|
Source: undertow
Version: 2.3.8-2
Severity: important
Tags: security upstream
Forwarded: https://issues.redhat.com/browse/UNDERTOW-2271
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for undertow.
CVE-2023-3223[0]:
| A flaw was found in
Source: netty
Version: 1:4.1.48-7
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 1:4.1.48-4
Hi,
The following vulnerability was published for netty.
CVE-2023-44487[0]:
| The HTTP/2 protocol allows a denial of service (server
Source: zookeeper
Version: 3.8.0-11
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 3.4.13-6
Hi,
The following vulnerability was published for zookeeper.
CVE-2023-44981[0]:
| Authorization Bypass Through User-Controlled Key
Source: libowasp-antisamy-java
Version: 1.5.3+dfsg-1.1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libowasp-antisamy-java.
Note: The severity is set to RC, though 'important' would better fit.
Source: snappy-java
Version: 1.1.8.3-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for snappy-java.
CVE-2023-43642[0]:
| snappy-java is a Java port of the snappy, a fast C++
|
Source: libcommons-compress-java
Version: 1.22-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libcommons-compress-java.
CVE-2023-42503[0]:
| Improper Input Validation, Uncontrolled Resource
Source: libapache-mod-jk
Version: 1:1.2.48-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libapache-mod-jk.
CVE-2023-41081[0]:
| The mod_jk component of Apache Tomcat Connectors in some
|
Source: axis
Version: 1.4-28
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for axis.
CVE-2023-40743[0]:
| ** UNSUPPORTED WHEN ASSIGNED ** When integrating Apache Axis 1.x in
| an application, it
Source: shiro
Version: 1.3.2-5
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for shiro.
CVE-2023-34478[0]:
| Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to
| a path traversal
Source: bouncycastle
Version: 1.72-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for bouncycastle.
CVE-2023-33201[0]:
| potential blind LDAP injection attack using a self-signed
| certificate
Source: guava-libraries
Version: 31.1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for guava-libraries.
CVE-2020-8908[0]:
| A temp directory creation vulnerability exists in all versions of
hey all,
I was involved with a discussion on site here in Hamburg with Paul
about it.
On Fri, May 26, 2023 at 10:58:48AM +0200, Moritz Muehlenhoff wrote:
> On Fri, May 26, 2023 at 12:10:18AM +0200, Markus Koschany wrote:
> > First of all trapperkeeper-webserver-jetty9-clojure should add a build-
Source: xerial-sqlite-jdbc
Version: 3.40.1.0+dfsg-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for xerial-sqlite-jdbc.
CVE-2023-32697[0]:
| SQLite JDBC is a library for accessing and creating
Hi Markus,
On Sat, May 13, 2023 at 06:27:49PM +0200, Markus Koschany wrote:
> I have just pushed the necessary changes to our Git repository.
>
> https://salsa.debian.org/java-team/tomcat9/-/commit/adbd0b0711de66b67278b10e258c47c805e9b993
Do we need to have done more here? When Paul asked on
Source: libjettison-java
Version: 1.5.3-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/jettison-json/jettison/issues/60
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 1.5.3-1~deb11u1
Hi,
The following vulnerability was published for
Source: tomcat9
Version: 9.0.70-1
Severity: important
Tags: security upstream
Forwarded: https://bz.apache.org/bugzilla/show_bug.cgi?id=66471
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 9.0.43-2~deb11u4
Control: found -1 9.0.43-2
Hi,
The following vulnerability was
Source: json-smart
Version: 2.2-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for json-smart.
CVE-2023-1370[0]:
| [Json-smart](https://netplex.github.io/json-smart/) is a performance
| focused,
Source: libxstream-java
Version: 1.4.19-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libxstream-java.
CVE-2022-41966[0]:
| XStream serializes Java objects to XML and back again. Versions
Source: libcommons-net-java
Version: 3.6-1
Severity: important
Tags: security upstream
Forwarded: https://issues.apache.org/jira/browse/NET-711
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libcommons-net-java.
CVE-2021-37533[0]:
|
Source: apache-jena
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi Java maintainers,
the following vulnerability was published for apache-jena,
but there is only little information available. My understanding is
that it still
Source: hsqldb
Version: 2.7.0-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for hsqldb.
CVE-2022-41853[0]:
| Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb
| (HyperSQL
Source: libjettison-java
Version: 1.4.1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libjettison-java. It is
fixed upstream in 1.5.1.
CVE-2022-40149[0]:
| Those using Jettison to parse
Source: libjettison-java
Version: 1.4.1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libjettison-java.
CVE-2022-40150[0]:
| Those using Jettison to parse untrusted XML or JSON data may be
|
Hi Tony
Thanks for the update.
On Wed, Sep 28, 2022 at 08:30:07AM -0700, tony mancill wrote:
> On Tue, Sep 27, 2022 at 05:41:21PM +0200, Salvatore Bonaccorso wrote:
> > > snakeyaml 1.31 has been uploaded to unstable. I will start work on
> > > 1.33, which addresses
Hi Tony,
On Tue, Sep 27, 2022 at 08:06:58AM -0700, tony mancill wrote:
> On Mon, Sep 05, 2022 at 09:48:33PM +0200, Salvatore Bonaccorso wrote:
> > Source: snakeyaml
> > Version: 1.29-1
> > Severity: important
> > Tags: security upstream
> > Forwarded: https://
Source: batik
Version: 1.14-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for batik.
CVE-2022-38398[0]:
| Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache
| XML Graphics
Source: snakeyaml
Version: 1.29-1
Severity: important
Tags: security upstream
Forwarded: https://bitbucket.org/snakeyaml/snakeyaml/issues/525
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for snakeyaml.
CVE-2022-25857[0]:
| The package
Source: jsoup
Version: 1.15.2-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for jsoup.
CVE-2022-36033[0]:
| jsoup is a Java HTML parser, built for HTML editing, cleaning,
| scraping, and
Source: libpgjava
Version: 42.4.0-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libpgjava.
CVE-2022-31197[0]:
| PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to
| connect to
Source: maven-shared-utils
Version: 3.3.0-1
Severity: important
Tags: security upstream
Forwarded: https://issues.apache.org/jira/browse/MSHARED-297
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for maven-shared-utils.
CVE-2022-29599[0]:
|
Source: netty
Version: 1:4.1.48-4
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for netty.
CVE-2022-24823[0]:
| Netty is an open-source, asynchronous event-driven network application
| framework.
Hi!
On Mon, Apr 25, 2022 at 01:48:43PM +0100, Neil Williams wrote:
> On Mon, 25 Apr 2022 13:39:49 +0100 Neil Williams wrote:
> > Please note, the current homepage for libowasp-antisamy-java appears to
> > have no commits beyond version 1.5.3 but the change for CVE-2022-29577
> > does match the
Source: h2database
Version: 1.4.197-4
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for h2database.
CVE-2021-42392[0]:
| The org.h2.util.JdbcUtils.getConnection
Source: apache-log4j2
Version: 2.17.0-1
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://issues.apache.org/jira/browse/LOG4J2-3293
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 2.17.0-1~deb11u1
Control: found -1
Hi!
On Sat, Dec 18, 2021 at 03:30:16PM +0100, Markus Koschany wrote:
> Control: owner -1 !
>
> On Saturday, 18.12.2021 at 14:37 +0100, Salvatore Bonaccorso wrote:
> > Source: apache-log4j2
> > Version: 2.16.0-1
> > Severity: grave
> > Tags: secur
Source: apache-log4j2
Version: 2.16.0-1
Severity: grave
Tags: security upstream
Forwarded: https://issues.apache.org/jira/browse/LOG4J2-3230
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 2.16.0-1~deb11u1
Control: found -1 2.16.0-1~deb10u1
Hi,
The following
Hi Markus,
On Tue, Dec 14, 2021 at 11:45:20PM +0100, Markus Koschany wrote:
> Control: owner -1 !
>
> On Tuesday, 14.12.2021 at 21:37 +0100, Salvatore Bonaccorso wrote:
> > Source: apache-log4j2
> > Version: 2.15.0-1
> > Severity: grave
> > Tags: security
Source: apache-log4j2
Version: 2.15.0-1
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://issues.apache.org/jira/browse/LOG4J2-3221
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 2.15.0-1~deb11u1
Control: found -1
Source: apache-log4j2
Version: 2.13.3-1
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://issues.apache.org/jira/browse/LOG4J2-3198
https://github.com/apache/logging-log4j2/pull/608
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1
Source: netty
Version: 1:4.1.48-4
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for netty.
CVE-2021-43797[0]:
| Netty is an asynchronous event-driven network application framework
| for rapid
Source: kotlin
Version: 1.3.31+~1.0.1+~0.11.12-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi Andrej,
Looking at
https://blog.jetbrains.com/blog/2021/02/03/jetbrains-security-bulletin-q4-2020/
there is an entry for Kotlin. It is said to be
Source: libxml-security-java
Version: 2.0.10-2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libxml-security-java.
CVE-2021-40690[0]:
| Bypass of the
Source: jsoup
Version: 1.10.2-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for jsoup.
CVE-2021-37714[0]:
| jsoup is a Java library for working with HTML. Those using jsoup
| versions prior to
Hi Markus,
On Sun, Aug 01, 2021 at 05:53:55PM +0200, Salvatore Bonaccorso wrote:
> Hi Markus,
>
> On Sun, Aug 01, 2021 at 05:28:23PM +0200, Markus Koschany wrote:
> > On Wed, 28 Jul 2021 17:44:49 +0200 Salvatore Bonaccorso
> > wrote:
> >
> > > Hi,
>
Hi Markus,
On Sun, Aug 01, 2021 at 05:28:23PM +0200, Markus Koschany wrote:
> On Wed, 28 Jul 2021 17:44:49 +0200 Salvatore Bonaccorso
> wrote:
>
> > Hi,
> >
> > The following vulnerability was published for apache-directory-server.
> >
> >
Source: apache-directory-server
Version: 2.0.0~M24-4
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 2.0.0~M24-3
Hi,
The following vulnerability was published for apache-directory-server.
CVE-2021-33900[0]:
| While
Source: libpdfbox2-java
Version: 2.0.23-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: clone -1 -2
Control: reassign -2 src:libpdfbox-java 1:1.8.16-2
Control: retitle -2 libpdfbox-java: CVE-2021-31811 CVE-2021-31812
Hi,
The following
Hi
On Fri, Jul 16, 2021 at 10:44:20PM +0200, Markus Koschany wrote:
> Control: owner -1 !
>
> Hi,
>
> On Friday, 16.07.2021 at 21:16 +0200, Salvatore Bonaccorso wrote:
> > Source: jetty9
> > Version: 9.4.39-2
> > Severity: grave
> > Tags:
Source: jetty9
Version: 9.4.39-2
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for jetty9.
CVE-2021-34429[0]:
| For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5
| 11.0.1-11.0.5, URIs can be
Source: libjdom2-java
Version: 2.0.6-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/hunterhacker/jdom/pull/188
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: clone -1 -2
Control: reassign -2 src:libjdom1-java 1.1.3-2
Control: found -1 2.0.6-1
Control:
Source: jetty9
Version: 9.4.39-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/eclipse/jetty.project/issues/6277
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for jetty9.
CVE-2021-34428[0]:
| For Eclipse Jetty
[Disclaimer, not the package maintainer, but quickly checked your
report for tracking within the security team]
On Sat, Jun 26, 2021 at 01:50:44PM +0200, Christoph Anton Mitterer wrote:
> Source: zookeeper
> Version: 3.4.13-6
> Severity: grave
> Tags: security
> Justification: user security hole
Source: jetty9
Version: 9.4.39-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/eclipse/jetty.project/issues/6263
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for jetty9.
CVE-2021-28169[0]:
| For Eclipse Jetty
Hi,
On Mon, Jun 14, 2021 at 10:13:19PM +0200, Salvatore Bonaccorso wrote:
> CVE-2021-3597[0]:
> No description was found (try on a search engine)
Sorry forgot to fill here something sensible.
Salvatore
Source: undertow
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for undertow, though it is
hard to tell if our version is affected, [1] lacks details.
CVE-2021-3597[0]:
No description was found
[Big disclaimer: I'm not the maintainer but spotted the RC bug filed]
Hi,
On Tue, Jun 08, 2021 at 03:32:18PM -0400, benjamin melançon wrote:
> Source: netbeans
> Version: 12.1-3
> Severity: serious
> Tags: d-i ftbfs
> Justification: fails to build from source
> X-Debbugs-Cc:
Source: libxstream-java
Version: 1.4.15-2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libxstream-java.
CVE-2021-29505[0]:
| ### Impact The vulnerability may
Hi,
On Tue, May 18, 2021 at 11:05:15PM +0200, Emmanuel Bourg wrote:
> On 2021-05-18 20:39, Moritz Mühlenhoff wrote:
>
> > let's remove jodd from bullseye until it gets actually used, ok? I can
> > file
> > an RM bug with the release team.
>
> Yes go ahead.
For same reason we might consider
Hi
Thanks for raising this problem.
On Wed, May 05, 2021 at 10:12:34PM +0200, Andreas Beckmann wrote:
> Source: mqtt-client
> Version: 1.14-1
> Severity: serious
> Tags: security
> User: debian...@lists.debian.org
> Usertags: piuparts
> Control: fixed -1 1.14-1+deb9u1
>
> Hi,
>
> CVE-2019-0222
Hi,
On Sun, Apr 04, 2021 at 09:05:06PM -0700, tony mancill wrote:
> On Sat, Mar 27, 2021 at 07:54:11PM +0100, Salvatore Bonaccorso wrote:
> > Source: libpdfbox2-java
> > Version: 2.0.22-1
> > Severity: important
> > Tags: security upstream
> > Forwarded: http
Source: netty
Version: 1:4.1.48-3
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for netty.
Strictly speaking this might be disputable as RC severity, but I think
it should reach bullseye and so
Source: libpdfbox2-java
Version: 2.0.22-1
Severity: important
Tags: security upstream
Forwarded: https://issues.apache.org/jira/browse/PDFBOX-5112
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libpdfbox2-java.
CVE-2021-27906[0]:
| A
Source: libpdfbox2-java
Version: 2.0.22-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libpdfbox2-java.
CVE-2021-27807[0]:
| A carefully crafted PDF file can trigger an infinite loop while
|
Source: libxstream-java
Version: 1.4.15-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for libxstream-java.
CVE-2021-21341[0]:
| XStream is a Java library to serialize objects to XML and back
Source: velocity-tools
Version: 2.0-7
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for velocity-tools.
CVE-2020-13959[0]:
| The default error page for VelocityView in Apache Velocity Tools prior
Source: velocity
Version: 1.7-5.1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 1.7-5
Hi,
The following vulnerability was published for velocity.
CVE-2020-13936[0]:
| An attacker that is able to modify Velocity templates may
Source: xmlgraphics-commons
Version: 2.4-1
Severity: important
Tags: security upstream
Forwarded: https://issues.apache.org/jira/browse/XGC-122
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for xmlgraphics-commons.
CVE-2020-11988[0]:
|
Source: netty
Version: 1:4.1.48-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for netty.
CVE-2021-21295[0]:
| Netty is an open-source, asynchronous event-driven network application
| framework
Source: batik
Version: 1.12-4
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
The following vulnerability was published for batik.
CVE-2020-11987[0]:
| Apache Batik 1.13 is vulnerable to server-side request forgery, caused
| by improper input
Hi Emmanuel,
On Sat, May 30, 2020 at 02:50:32PM +0200, Emmanuel Bourg wrote:
> Control: severity -1 important
>
> On 22/05/2020 at 22:51, Salvatore Bonaccorso wrote:
>
> > The following vulnerability was published for jodd. I'm filing it as
> > RC severity since a
Source: jackson-dataformat-cbor
Version: 2.7.8-3
Severity: important
Tags: security upstream
Forwarded: https://github.com/FasterXML/jackson-dataformats-binary/issues/186
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for
hey Markus,
[Adding CC to t...@s.do so we can better distribute load on requests]
On Fri, Feb 12, 2021 at 08:31:11PM +0100, Markus Koschany wrote:
> Control: owner -1 !
>
> Hi Salvatore,
>
> On Friday, 12.02.2021 at 07:42 +0100, Salvatore Bonaccorso wrote:
> > Source:
Source: activemq
Version: 5.16.0-1
Severity: important
Tags: security upstream
Forwarded: https://issues.apache.org/jira/browse/AMQ-8035
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for activemq.
CVE-2021-26117[0]:
| The optional ActiveMQ
Source: netty
Version: 1:4.1.48-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 1:4.1.33-1+deb10u1
Control: found -1 1:4.1.33-1
Hi,
The following vulnerability was published for netty.
CVE-2021-21290[0]:
| Netty is an
) (Closes: #977683)
+
+ -- Salvatore Bonaccorso Sun, 03 Jan 2021 21:12:39 +0100
+
bouncycastle (1.65-1) unstable; urgency=medium
* Team upload.
diff -Nru bouncycastle-1.65/debian/patches/corrected-constant-time-equals.patch bouncycastle-1.65/debian/patches/corrected-constant-time-equals.patch
Source: bouncycastle
Version: 1.65-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for bouncycastle, it affects
1.65 and 1.66 and is fixed in 1.67.
CVE-2020-28052[0]:
Source: libxstream-java
Version: 1.4.14-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 1.4.11.1-1+deb10u1
Control: found -1 1.4.11.1-1
Hi,
The following vulnerability was published for
1 - 100 of 174 matches