[bts-link] source package src:libjtype-java
# # bts-link upstream status pull for source package src:libjtype-java # see http://lists.debian.org/debian-devel-announce/2006/05/msg1.html # user bts-link-upstr...@lists.alioth.debian.org # remote status report for #751526 (http://bugs.debian.org/751526) # Bug title: libjtype-java: FTBFS with Java 8: DefaultTypeVariable doesn't implement getAnnotatedBounds() # * http://code.google.com/p/jtype/issues/detail?id=1 # * remote status changed: (?) - New usertags 751526 + status-New thanks __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#758086: CVE-2012-6153: Apache HttpComponents client: Hostname verification susceptible to MITM attack
On Mon, Sep 22, 2014 at 03:56:00PM +0200, Raphael Hertzog wrote: Hi, On Mon, 18 Aug 2014, Salvatore Bonaccorso wrote: On Thu, Aug 14, 2014 at 11:43:32PM +0200, Emmanuel Bourg wrote: Is there an example available somewhere of a subject improperly parsed by commons-httpclient/3.1-10.2? This would help backporting the fix to this version. I think this is already fixed in 3.1-10.2, see the Red Hat bug as reference and See https://bugs.debian.org/692442#56 and and following mails. I don't understand this from those mails. On the contrary, RedHat did update their packages with a new patch on top of the former patch: https://git.centos.org/blob/rpms!jakarta-commons-httpclient/5acb7f7b3e637c3a6d072e3f037a3c4abb6c48af/SOURCES!jakarta-commons-httpclient-CVE-2014-3577.patch And the Debian package still have the old version of getCN(). What's the status? Can we get that fixed for jessie? Cheers, Moritz __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#764630: RFS: javatools 0.48 [RC]
On Sun, 21. Dec 09:57 tony mancill tmanc...@debian.org wrote: On 12/15/2014 12:06 AM, Mathieu Malaterre wrote: On Sun, Dec 14, 2014 at 6:50 PM, Markus Koschany a...@gambaru.de wrote: [...] Actually what was the reasoning behind the choice to use a custom shell script like jarwrapper instead of jexec to register executable jars with binfmt-misc? This question also came up in the bug report. Here is my guess: `jexec` only works with openjdk installed. At one point debian had multiple java implementation (sun, kaffe...). These days only two really remains, so maybe an easier solution would be to have a `gcj-exec` provided by `gcj-jdk` to mimic openjdk package. Which means it would be much easier to handle the LD_LIBRARY_PATH issue within the `gcj-exec` executable. jarwrapper is only really needed with a custom jre installation... That sounds reasonable to me, although it can be hard in practice to keep things functional for users running non-Debian JRE packages. Which is not to say that we shouldn't generally discourage jarwrapper... I think before we create another solution like gcj-exec, it is easier to maintain the current implementation of jarwrapper. I agree that gcj's handling of LD_LIBRARY_PATH and Multiarch could be improved but in my opinion there are other aspects about gcj which deserve even more attention. Most modern Java applications just don't work with it. I suggest to upload the fix for #764630 now. I just saw tony's email from the 21th. The current state on master is final. I haven't planned any further changes to jarwrapper. Please go ahead. Regards, Markus signature.asc Description: Digital signature __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
Re: tomcat6 DSA for wheezy
On Mon, Dec 15, 2014 at 04:23:30PM +0100, Holger Levsen wrote: Hi, This update itself fixes no security issues but is needed for libtcnative-1 users as version 1.1.20 from Squeeze does not work with tomcat6 6.0.41 from Squeeze LTS. Do we also need to update tomcat-native in wheezy or is 1.1.24 from wheezy sufficient? Cheers, Moritz __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.