Bug#692650: Patches for CVE-2012-5783 and CVE-2012-5784

2012-12-05 Thread Andreas Tille
Hi, seems the package is ready for an upload. Any reason why this is not done? I could sponsor an upload or NMU if this would help. Kind regards Andreas. -- http://fam-tille.de __ This is the maintainer address of Debian's Java team

Bug#692650: Patches for CVE-2012-5783 and CVE-2012-5784

2012-12-05 Thread Alberto Fernández
Hi, I've uploaded the two packages to mentors.debian.net. We must solve the two bugs at the same time because axis uses commons-httpclient. Upstream seems End-of-life and rejected the patches. On Wed, 05-12-2012 at 16:43 +0100, Andreas Tille wrote: Hi, seems the package is ready for

Bug#692442: Patches for CVE-2012-5783 and CVE-2012-5784

2012-12-05 Thread Andreas Tille
Hi Alberto, On Wed, Dec 05, 2012 at 06:01:51PM +0100, Alberto Fernández wrote: I've uploaded the two packages to mentors.debian.net. We must solve the two bugs at the same time because axis uses commons-httpclient. I guess you mean bug #692442, right? Upstream seems End-of-life and

Bug#692442: Patches for CVE-2012-5783 and CVE-2012-5784

2012-12-05 Thread Alberto Fernández
Hi Andreas, I've uploaded both packages to mentors. commons-httpclient - bug #692442 CVE-2012-5783 axis - bug #692650 CVE-2012-5784 Since axis uses commons-httpclient, we need to fix and upload both packages. Upstream has ignored the axis patch, and rejected the commons-httpclient patch. Basically, they

Bug#692442: Patches for CVE-2012-5783 and CVE-2012-5784

2012-12-05 Thread Michael Gilbert
Hi Andreas, I've uploaded both packages to mentors. commons-httpclient - bug #692442 CVE-2012-5783 axis - bug #692650 CVE-2012-5784 Since axis uses commons-httpclient, we need to fix and upload both packages. Upstream has ignored the axis patch, and rejected the commons-httpclient patch.

Bug#692650: Patches for CVE-2012-5783 and CVE-2012-5784

2012-12-05 Thread David Jorm
Hi All, The upstream patch for CVE-2012-5783 referred to in Red Hat Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=873317#c3 is the 4.x patch. As you've noted, there is no 3.x patch available and upstream won't provide one because it is EOL. I think Alberto's patch looks sane (from a

Bug#692650: Patches for CVE-2012-5783 and CVE-2012-5784

2012-12-05 Thread Andreas Tille
Hi, thanks for the additional information. Please note that I uploaded the NMUed packages yesterday. In case the one small issue mentioned by David below is serious, please reopen the bug report to prevent migration to testing (I also filed unblock request bugs). Kind regards

Bug#695250: tomcat6: CVE-2012-4534 CVE-2012-4431 CVE-2012-3546

2012-12-05 Thread Moritz Muehlenhoff
Package: tomcat6 Severity: grave Tags: security Justification: user security hole More Tomcat security issues have been disclosed: http://tomcat.apache.org/security-6.html The page contains links to the upstream fixes. BTW, is there a specific reason why both tomcat6 and tomcat7 are present in

Bug#695251: tomcat7: CVE-2012-4431 CVE-2012-4534 CVE-2012-3546

2012-12-05 Thread Moritz Muehlenhoff
Package: tomcat7 Severity: grave Tags: security Justification: user security hole New security issues in Tomcat have been disclosed: http://tomcat.apache.org/security-7.html The page contains links to upstream fixes. Cheers, Moritz