Bug#827511: marked as done (hunspell integration Consts obsolete?)

[Debian Bug Tracking System]

Your message dated Sun, 19 Jun 2016 05:28:06 +
with message-id 
and subject line Bug#827606: Removed package(s) from unstable
has caused the Debian Bug report #827511,
regarding hunspell integration Consts obsolete?
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
827511: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827511
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: omegat
Version: 2.3.0.1+dfsg-3
Severity: important

Hi,

On Thu, Jun 16, 2016 at 10:40:46PM -0400, Jeremy Bicha wrote:
> Package:omegat
> Version: 2.3.0.1+dfsg-4
> Severity: serious
> 
> libhunspell-1.3-0 has been replaced by libhunspell-1.4-0 in Debian
> unstable and testing.
> 
> I took a guess at the bug severity. I believe it's a RC issue because
> upgraders who have libhunspell-1.3-0 installed will not receive any
> bugfixes or security updates for that version of the library.

Even worse; are you sure this hunspell integration is even working? I see
(both in stable and testing/unstable) only

--- a/src/org/omegat/util/OConsts.java
+++ b/src/org/omegat/util/OConsts.java
@@ -100,7 +100,11 @@
 public static final String LEARNED_WORD_LIST_FILE_NAME = 
"learned_words.txt";^M
 ^M
 /** The name of the spell checking library */^M
-public static final String SPELLCHECKER_LIBRARY_NAME = "hunspell";^M
+public static final String SPELLCHECKER_LIBRARY_NAME = "hunspell-1.2";^M
+^M
+/** directory of system dictionaries */^M
+public static final String SPELLCHECKER_SYSTEM_DICTIONARY_DIRECTORY =^M
+"/usr/share/myspell/dicts";^M
 ^M
 /** the native library directory */^M
 public static final String NATIVE_LIBRARY_DIR = "native";^M

patched in.

SPELLCHECKER_LIBRARY_NAME coul dhave stayed hunspell to be compatible,
hunspell-1.2 is long gone (even wheezy has 1.3) and /usr/share/myspell/dicts
is compat stuff and maybe should be changed to /usr/share/hunspell/dicts?

(And yeah, I missed this package in the transition because it wasn't
a Depends:)

Regards,

Rene
--- End Message ---
--- Begin Message ---
Version: 2.3.0.1+dfsg-4+rm

Dear submitter,

as the package omegat has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/827606

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)--- End Message ---
__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#827502: marked as done (omegat: Recommends libhunspell-1.3-0 but that package no longer exists in Stretch)

[Debian Bug Tracking System]

Your message dated Sun, 19 Jun 2016 05:28:06 +
with message-id 
and subject line Bug#827606: Removed package(s) from unstable
has caused the Debian Bug report #827502,
regarding omegat: Recommends libhunspell-1.3-0 but that package no longer 
exists in Stretch
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
827502: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827502
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package:omegat
Version: 2.3.0.1+dfsg-4
Severity: serious

libhunspell-1.3-0 has been replaced by libhunspell-1.4-0 in Debian
unstable and testing.

I took a guess at the bug severity. I believe it's a RC issue because
upgraders who have libhunspell-1.3-0 installed will not receive any
bugfixes or security updates for that version of the library.

Thanks,
Jeremy Bicha

$ apt show omegat
Package: omegat
Version: 2.3.0.1+dfsg-4
Priority: optional
Section: universe/editors
Depends: default-jre | java6-runtime | java7-runtime,
libvldocking-java, libhtmlparser-java, libswing-layout-java
Recommends: libjna-java, libhunspell-1.3-0
--- End Message ---
--- Begin Message ---
Version: 2.3.0.1+dfsg-4+rm

Dear submitter,

as the package omegat has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/827606

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)--- End Message ---
__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#737369: marked as done (omegat: We are two years behind upstream. (Has this package been abandoned?))

[Debian Bug Tracking System]

Your message dated Sun, 19 Jun 2016 05:28:06 +
with message-id 
and subject line Bug#827606: Removed package(s) from unstable
has caused the Debian Bug report #737369,
regarding omegat: We are two years behind upstream. (Has this package been 
abandoned?)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
737369: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737369
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: omegat
Version: 2.3.0.1+dfsg-3
Severity: wishlist

Latest package version is 2.3.0.1+dfsg-3, released on 04 Dec 2011.
Latest upstream stable version is  2.6.3 update3, released on 15 January 2014.

The difference is more that 2 years. Is there any chance that this package is
going to be updated?



-- System Information:
Debian Release: 7.3
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.12-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=hu_HU.UTF-8, LC_CTYPE=hu_HU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages omegat depends on:
ii  libhtmlparser-java1.6.20060610.dfsg0-3
ii  libswing-layout-java  1.0.4-2
ii  libvldocking-java 2.1.4-4
ii  openjdk-6-jre 6b27-1.12.6-1~deb7u1
ii  openjdk-7-jre 7u51-2.4.5-1

Versions of packages omegat recommends:
ii  libhunspell-1.3-0  1.3.2-4
ii  libjna-java3.2.7-4

Versions of packages omegat suggests:
pn  libaccess-bridge-java-jni  

-- no debconf information
--- End Message ---
--- Begin Message ---
Version: 2.3.0.1+dfsg-4+rm

Dear submitter,

as the package omegat has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/827606

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)--- End Message ---
__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#827606: Removed package(s) from unstable

[Debian FTP Masters]

We believe that the bug you reported is now fixed; the following
package(s) have been removed from unstable:

omegat | 2.3.0.1+dfsg-4 | source, all

--- Reason ---
ROM; out of date; request of upstream
--

Note that the package(s) have simply been removed from the tag
database and may (or may not) still be in the pool; this is not a bug.
The package(s) will be physically removed automatically when no suite
references them (and in the case of source, when no binary references
it).  Please also remember that the changes have been done on the
master archive and will not propagate to any mirrors until the next
dinstall run at the earliest.

Packages are usually not removed from testing by hand. Testing tracks
unstable and will automatically remove packages which were removed
from unstable when removing them from testing causes no dependency
problems. The release team can force a removal from testing if it is
really needed, please contact them if this should be the case.

We try to close bugs which have been reported against this package
automatically. But please check all old bugs, if they were closed
correctly or should have been re-assigned to another package.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 827...@bugs.debian.org.

The full log for this bug can be viewed at https://bugs.debian.org/827606

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#827607: Removed package(s) from unstable

[Debian FTP Masters]

We believe that the bug you reported is now fixed; the following
package(s) have been removed from unstable:

omegat-plugin-tokenizer | 0.4.2+dfsg-2 | source, all

--- Reason ---
ROM; out of date; RM of omegat
--

Note that the package(s) have simply been removed from the tag
database and may (or may not) still be in the pool; this is not a bug.
The package(s) will be physically removed automatically when no suite
references them (and in the case of source, when no binary references
it).  Please also remember that the changes have been done on the
master archive and will not propagate to any mirrors until the next
dinstall run at the earliest.

Packages are usually not removed from testing by hand. Testing tracks
unstable and will automatically remove packages which were removed
from unstable when removing them from testing causes no dependency
problems. The release team can force a removal from testing if it is
really needed, please contact them if this should be the case.

We try to close bugs which have been reported against this package
automatically. But please check all old bugs, if they were closed
correctly or should have been re-assigned to another package.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 827...@bugs.debian.org.

The full log for this bug can be viewed at https://bugs.debian.org/827607

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#827606: Removed package(s) from unstable

[Debian FTP Masters]

Version: 2.3.0.1+dfsg-4+rm

Dear submitter,

as the package omegat has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/827606

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#827620: marked as done (netty: CVE-2016-4970: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl)

[Debian Bug Tracking System]

Your message dated Sat, 18 Jun 2016 22:25:04 +
with message-id 
and subject line Bug#827620: fixed in netty 1:4.0.37-1
has caused the Debian Bug report #827620,
regarding netty: CVE-2016-4970: Infinite loop vulnerability when handling 
renegotiation using SslProvider.OpenSsl
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
827620: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827620
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: netty
Version: 1:4.0.36-2
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for netty. Can you please
double-check this issue. According the upstream all versions
4.0.0.Final - 4.0.36.Final and 4.1.0.Final would be affected, and
fixed in 4.1.1.Final, according to [1].

CVE-2016-4970[0]:
Infinite loop vulnerability when handling renegotiation using 
SslProvider.OpenSsl

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-4970
[1] http://netty.io/news/2016/06/07/4-1-1-Final.html

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: netty
Source-Version: 1:4.0.37-1

We believe that the bug you reported is fixed in the latest version of
netty, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 827...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
tony mancill  (supplier of updated netty package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 18 Jun 2016 14:45:03 -0700
Source: netty
Binary: libnetty-java
Architecture: source all
Version: 1:4.0.37-1
Distribution: unstable
Urgency: high
Maintainer: Debian Java Maintainers 

Changed-By: tony mancill 
Description:
 libnetty-java - Java NIO client/server socket framework
Closes: 827620
Changes:
 netty (1:4.0.37-1) unstable; urgency=high
 .
   * Team upload.
   * New upstream release. (Closes: #827620) CVE-2016-4970
   * Add build-dependency on liblog4j2-java.
Checksums-Sha1:
 c6ce62e0e456fe0c6e7f0bcad92f058ed7df4bc3 2430 netty_4.0.37-1.dsc
 e5c52af4c671b8ef527d8db254f8cfa3784a4ce1 869792 netty_4.0.37.orig.tar.xz
 54e0935f183a63c107e1a5afdb038e1086993fb0 7344 netty_4.0.37-1.debian.tar.xz
 09b636dfa61bb8c0e2594e22dda79172b54e2790 1814470 libnetty-java_4.0.37-1_all.deb
Checksums-Sha256:
 eb0b86676a9feb06c29b65e23d2c8d2e86d0b821338068b75187416f01dea0e9 2430 
netty_4.0.37-1.dsc
 97b8bc67d6f346ec277707a012ed39bf63783c8ebeb98b5ab8dd144844496cc4 869792 
netty_4.0.37.orig.tar.xz
 1b9902517caa5c6dabd26b45644eb53efb10af2396bf282c2b24d0a6144ca4eb 7344 
netty_4.0.37-1.debian.tar.xz
 5d2e2dca96307135edceddf0cb88af6b6621603eef298e3f599158e99f8d5bb3 1814470 
libnetty-java_4.0.37-1_all.deb
Files:
 a980a02bb367e0f756c7ade58f52b95e 2430 java optional netty_4.0.37-1.dsc
 c2b96f11cb689ea4e85256d9b5c38a2e 869792 java optional netty_4.0.37.orig.tar.xz
 1984a70124c0e6ceb5f32e66a4558e33 7344 java optional 
netty_4.0.37-1.debian.tar.xz
 82747c3e2fb11abb6c28662781bf1ef5 1814470 java optional 
libnetty-java_4.0.37-1_all.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCgAGBQJXZcLgAAoJECHSBYmXSz6WAt8QALfMwy7Gw4WxNuGXzWoOgaSL
X0rUqYuReI1nXXMRc8Ch4jjlZd67LVfqIXsyFhTYFVxsta8YYECg+6X3xCqGtDs+
anoySTDx10etz0nRg3LAMdMrxwKvtOGK5lQDjZBKG/XJa33C9/reSuMPGxpJ1XI1
+bCt9vpACXsJd6t5yxBQnJ6VEw34moI1AOQ1NDOsmLmgoi8zTJ7FeL8d34Nlvjwq
PesMTie69WHLH62Mx8d6DpCthiGwLoQEMSeBBdmk6aZ70T5VPJ9hZQUIj/9A3PIm
/1RcYKBdhCNP590h88TvS2N5PA5W3l8ony58J+k2ufONuLDKoLNja16IwUUmfBaX
004BRzR4wbK40i0tTz1PJ0k5ONdHLtY4xhS60LFMzMF+PAkqgepSI9JlfMnSYVxl
9mdyfoDvDwsC+RRvixUFRntKcq8xO1HvO+LPQ/Rav+lOV5KwnXcB/ubKdNsj7/Qv
wEOp1VZGVeKvAGAybtyYQ0w+nmgeID6JtXodZbO3iZIgKRsfAZy0TpsrMow0QImZ
yrXaBwVeE3uFflr6++TD6cFue5dIqcJZc6a1VxnGgH6QM5GhDls7lFB/fLRaV5U5
jCMMLEWQ/V7vGi3MvnYgOFJLMfe6cUpoHefssl113rvEY//xT6t/g7dSwcgz9atS
+46bqW/q+QOdlX8l12Ef
=gQrd
-END PGP SIGNATURE End 

netty_4.0.37-1_amd64.changes ACCEPTED into unstable

[Debian FTP Masters]

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 18 Jun 2016 14:45:03 -0700
Source: netty
Binary: libnetty-java
Architecture: source all
Version: 1:4.0.37-1
Distribution: unstable
Urgency: high
Maintainer: Debian Java Maintainers 

Changed-By: tony mancill 
Description:
 libnetty-java - Java NIO client/server socket framework
Closes: 827620
Changes:
 netty (1:4.0.37-1) unstable; urgency=high
 .
   * Team upload.
   * New upstream release. (Closes: #827620) CVE-2016-4970
   * Add build-dependency on liblog4j2-java.
Checksums-Sha1:
 c6ce62e0e456fe0c6e7f0bcad92f058ed7df4bc3 2430 netty_4.0.37-1.dsc
 e5c52af4c671b8ef527d8db254f8cfa3784a4ce1 869792 netty_4.0.37.orig.tar.xz
 54e0935f183a63c107e1a5afdb038e1086993fb0 7344 netty_4.0.37-1.debian.tar.xz
 09b636dfa61bb8c0e2594e22dda79172b54e2790 1814470 libnetty-java_4.0.37-1_all.deb
Checksums-Sha256:
 eb0b86676a9feb06c29b65e23d2c8d2e86d0b821338068b75187416f01dea0e9 2430 
netty_4.0.37-1.dsc
 97b8bc67d6f346ec277707a012ed39bf63783c8ebeb98b5ab8dd144844496cc4 869792 
netty_4.0.37.orig.tar.xz
 1b9902517caa5c6dabd26b45644eb53efb10af2396bf282c2b24d0a6144ca4eb 7344 
netty_4.0.37-1.debian.tar.xz
 5d2e2dca96307135edceddf0cb88af6b6621603eef298e3f599158e99f8d5bb3 1814470 
libnetty-java_4.0.37-1_all.deb
Files:
 a980a02bb367e0f756c7ade58f52b95e 2430 java optional netty_4.0.37-1.dsc
 c2b96f11cb689ea4e85256d9b5c38a2e 869792 java optional netty_4.0.37.orig.tar.xz
 1984a70124c0e6ceb5f32e66a4558e33 7344 java optional 
netty_4.0.37-1.debian.tar.xz
 82747c3e2fb11abb6c28662781bf1ef5 1814470 java optional 
libnetty-java_4.0.37-1_all.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCgAGBQJXZcLgAAoJECHSBYmXSz6WAt8QALfMwy7Gw4WxNuGXzWoOgaSL
X0rUqYuReI1nXXMRc8Ch4jjlZd67LVfqIXsyFhTYFVxsta8YYECg+6X3xCqGtDs+
anoySTDx10etz0nRg3LAMdMrxwKvtOGK5lQDjZBKG/XJa33C9/reSuMPGxpJ1XI1
+bCt9vpACXsJd6t5yxBQnJ6VEw34moI1AOQ1NDOsmLmgoi8zTJ7FeL8d34Nlvjwq
PesMTie69WHLH62Mx8d6DpCthiGwLoQEMSeBBdmk6aZ70T5VPJ9hZQUIj/9A3PIm
/1RcYKBdhCNP590h88TvS2N5PA5W3l8ony58J+k2ufONuLDKoLNja16IwUUmfBaX
004BRzR4wbK40i0tTz1PJ0k5ONdHLtY4xhS60LFMzMF+PAkqgepSI9JlfMnSYVxl
9mdyfoDvDwsC+RRvixUFRntKcq8xO1HvO+LPQ/Rav+lOV5KwnXcB/ubKdNsj7/Qv
wEOp1VZGVeKvAGAybtyYQ0w+nmgeID6JtXodZbO3iZIgKRsfAZy0TpsrMow0QImZ
yrXaBwVeE3uFflr6++TD6cFue5dIqcJZc6a1VxnGgH6QM5GhDls7lFB/fLRaV5U5
jCMMLEWQ/V7vGi3MvnYgOFJLMfe6cUpoHefssl113rvEY//xT6t/g7dSwcgz9atS
+46bqW/q+QOdlX8l12Ef
=gQrd
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#827620: netty: CVE-2016-4970: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl

[tony mancill]

On 06/18/2016 11:51 AM, Salvatore Bonaccorso wrote:
> Source: netty
> Version: 1:4.0.36-2
> Severity: important
> Tags: security upstream
> 
> Hi,
> 
> the following vulnerability was published for netty. Can you please
> double-check this issue. According the upstream all versions
> 4.0.0.Final - 4.0.36.Final and 4.1.0.Final would be affected, and
> fixed in 4.1.1.Final, according to [1].
> 
> CVE-2016-4970[0]:
> Infinite loop vulnerability when handling renegotiation using 
> SslProvider.OpenSsl
> 
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> 
> For further information see:
> 
> [0] https://security-tracker.debian.org/tracker/CVE-2016-4970
> [1] http://netty.io/news/2016/06/07/4-1-1-Final.html
> 
> Please adjust the affected versions in the BTS as needed.
> 
> Regards,
> Salvatore


Hi Salvatore,

Based on the notes in [2], I have uploaded 4.0.37 to unstable, which
should take care of the CVE in unstable and testing.  This will give the
Java Team a moment to discuss strategy regarding 4.0.x vs. 4.1.x.

I haven't seen any information as to whether this vulnerability also
affects the version in stable, 3.2.6.

Cheers,
tony

[2] http://netty.io/news/2016/06/07/4-0-37-Final.html



signature.asc
Description: OpenPGP digital signature
__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#827577: cronometer: cannot select text in cronometer

[tony mancill]

On 06/17/2016 07:23 PM, koanhead wrote:
> Package: cronometer
> Version: 0.9.9+dfsg-1
> Severity: normal
> 
> Dear Maintainer,
> 
> When attempting to select text in Recipe Editor, Nutrients tab, General tab,
> all the data in the table is 'grayed out' and not selectable. This makes it
> impossible to copy-paste this data and share it.

Hi,

Thank you for the bug report.  Is this new behavior, or are you
reporting a general (upstream) bug with the software?

I checked the upstream site, and although the project is viable, it
doesn't appear that the standalone Java client is under active
development.  Instead, the upstream authors redirect users to the web
version [1,2].  For that reason, I suspect it's unlikely that the
upstream authors will look into updating the library used in the client.

Perhaps someone will fork the project and continue development on the
standalone client.

Thank you,
tony

[1] https://cronometer.com/download/
[2] https://cronometer.com/

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Processing of netty_4.0.37-1_amd64.changes

[Debian FTP Masters]

netty_4.0.37-1_amd64.changes uploaded successfully to localhost
along with the files:
  netty_4.0.37-1.dsc
  netty_4.0.37.orig.tar.xz
  netty_4.0.37-1.debian.tar.xz
  libnetty-java_4.0.37-1_all.deb

Greetings,

Your Debian queue daemon (running on host franck.debian.org)

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

h2database_1.4.192-2_source.changes ACCEPTED into unstable

[Debian FTP Masters]

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sat, 18 Jun 2016 23:41:19 +0200
Source: h2database
Binary: libh2-java libh2-java-doc
Architecture: source
Version: 1.4.192-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Emmanuel Bourg 
Description:
 libh2-java - H2 Database Engine
 libh2-java-doc - H2 Database Engine (documentation)
Changes:
 h2database (1.4.192-2) unstable; urgency=medium
 .
   * Fixed the build failure in offline mode
Checksums-Sha1:
 4b894ca4dd161048ca8e0e360ce90cbbab6440c9 2151 h2database_1.4.192-2.dsc
 f33ef4563394e9fc56fa864eb3c491bb55985154 12192 
h2database_1.4.192-2.debian.tar.xz
Checksums-Sha256:
 51ce559e67f7bba9e83d5dda14562472f5c9bda03646f30ee1806916eb53 2151 
h2database_1.4.192-2.dsc
 0c70cbd4b9f76dabdcb3c2d5c6a9b4a5e48554172790a557ddee9dbe098412fa 12192 
h2database_1.4.192-2.debian.tar.xz
Files:
 4194f551c5ae625d05b9c0e897bd7ed2 2151 java optional h2database_1.4.192-2.dsc
 dd027ed44781104f513eac367dc03694 12192 java optional 
h2database_1.4.192-2.debian.tar.xz

-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJXZcCRAAoJEPUTxBnkudCsI70P/3hWXrtvb6wakTdJ8EDqYHh0
VWFLQ3U6xEgnmVQMI3RcAeVga02plfkGmcX6a4tvFdDRw99VONBM1HIQzQRPee1G
yzcP47aPrcm4d5kiLiNeddDWGFL1xdar0wm27pSPtDzkmHjLehaKkDd9GKBVgPSA
K0a0G9gZ49dPvtAGzftRKC7Y2IsqfAgJY1TnM1g2fdL6SdV0OOcsvpvpYlhrb/Oh
posdSUGnkI3trIswrdTH2JwWoENti9C4PF/DBLtSwzVYyudueyIJIbdcrgl5jJqw
C0HKyWRHY3vToceWjowTaleY0MR7QYQJB1FyyjyGbS5FMGvi87pr/TOgHFeT/jZ9
bxf18s0rCI4k/ZthvFMEgu9LD8C5bFGtC65rBqn+2nID3z9lWdEZunW6fUDMP3cY
f5srXLoEBEwv7UzS2lnEOKMtPScgIeOO/YYmcGMURGkmhOQHui7wTrXCYSZim1cZ
FTOc+ncYo1VE1aueiHmnyqTUdPylGkvNb9ilp8RnNvqVHUXMquczf0ygAVvVaZSV
u9fVkouvLFFK1HrIaAfM+8cC1CQq0NLETXuOoyeWEpW+nFkFpLxn6EgIw8H+Cmuz
emaqZAxTdyQTOl5iQcEBkzOQzrX0hEzTXcoPInP3Mqe9eMBhrBwughZQGxa8wOiz
pMOTMyLqEIRRX1wSYHIV
=qURt
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Processing of h2database_1.4.192-2_source.changes

[Debian FTP Masters]

h2database_1.4.192-2_source.changes uploaded successfully to localhost
along with the files:
  h2database_1.4.192-2.dsc
  h2database_1.4.192-2.debian.tar.xz

Greetings,

Your Debian queue daemon (running on host franck.debian.org)

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#827620: netty: CVE-2016-4970: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl

[Salvatore Bonaccorso]

Source: netty
Version: 1:4.0.36-2
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for netty. Can you please
double-check this issue. According the upstream all versions
4.0.0.Final - 4.0.36.Final and 4.1.0.Final would be affected, and
fixed in 4.1.1.Final, according to [1].

CVE-2016-4970[0]:
Infinite loop vulnerability when handling renegotiation using 
SslProvider.OpenSsl

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-4970
[1] http://netty.io/news/2016/06/07/4-1-1-Final.html

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.