Bug#853134: CVE-2017-5617: svgSalamander

2017-02-01 Thread Sebastiaan Couwenberg
Control: tags -1 pending On 02/01/2017 10:08 AM, Bas Couwenberg wrote: > On 2017-02-01 09:35, Bas Couwenberg wrote: >> Including the JOSM developers (josm-...@openstreetmap.org) is also a >> good idea, they (and Vincent Privat in particular) have contributed >> patches to svgSalamander recently.

Processed: Re: CVE-2017-5617: svgSalamander

2017-02-01 Thread Debian Bug Tracking System
Processing control commands: > tags -1 pending Bug #853134 [src:svgsalamander] svgsalamander: CVE-2017-5617 Ignoring request to alter tags of bug #853134 to the same tags previously set -- 853134: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853134 Debian Bug Tracking System Contact

Processed: Pending fixes for bugs in the svgsalamander package

2017-02-01 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: > tag 853134 + pending Bug #853134 [src:svgsalamander] svgsalamander: CVE-2017-5617 Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 853134:

Bug#853134: Pending fixes for bugs in the svgsalamander package

2017-02-01 Thread pkg-java-maintainers
tag 853134 + pending thanks Some bugs in the svgsalamander package are closed in revision 1831801120fe371f2c19b8fffc11d4188d9ea51c in branch 'master' by Bas Couwenberg The full diff can be seen at https://anonscm.debian.org/cgit/pkg-java/svgsalamander.git/commit/?id=1831801 Commit message:

reproducible.debian.net status changes for ant-contrib

2017-02-01 Thread Reproducible builds folks
2017-02-01 13:28 https://tests.reproducible-builds.org/debian/unstable/amd64/ant-contrib changed from FTBFS -> reproducible __ This is the maintainer address of Debian's Java team . Please use

libjide-oss-java_3.6.17+dfsg-1_source.changes ACCEPTED into experimental

2017-02-01 Thread Debian FTP Masters
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 01 Feb 2017 23:30:38 +0100 Source: libjide-oss-java Binary: libjide-oss-java libjide-oss-java-doc Architecture: source Version: 3.6.17+dfsg-1 Distribution: experimental Urgency: medium Maintainer: Debian Java

Processing of libjide-oss-java_3.6.17+dfsg-1_source.changes

2017-02-01 Thread Debian FTP Masters
libjide-oss-java_3.6.17+dfsg-1_source.changes uploaded successfully to localhost along with the files: libjide-oss-java_3.6.17+dfsg-1.dsc libjide-oss-java_3.6.17+dfsg.orig.tar.xz libjide-oss-java_3.6.17+dfsg-1.debian.tar.xz libjide-oss-java_3.6.17+dfsg-1_source.buildinfo Greetings,

ecj 3.11.1-1 MIGRATED to testing

2017-02-01 Thread Debian testing watch
FYI: The status of the ecj source package in Debian's testing distribution has changed. Previous version: 3.11.0-7 Current version: 3.11.1-1 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will receive

ant 1.9.8-3 MIGRATED to testing

2017-02-01 Thread Debian testing watch
FYI: The status of the ant source package in Debian's testing distribution has changed. Previous version: 1.9.7-3 Current version: 1.9.8-3 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will receive

[Branch ~openjdk/openjdk/openjdk8] Rev 697: * Fix 8164293: HotSpot leaking memory in long-running requests.

2017-02-01 Thread noreply
revno: 697 committer: Matthias Klose branch nick: openjdk8 timestamp: Wed 2017-02-01 12:54:31 +0100 message: * Fix 8164293: HotSpot leaking memory in long-running requests. Closes: #853758. added:

[Branch ~openjdk/openjdk/openjdk8] Rev 698: - bump debhelper level

2017-02-01 Thread noreply
revno: 698 committer: Matthias Klose branch nick: openjdk8 timestamp: Wed 2017-02-01 12:54:55 +0100 message: - bump debhelper level modified: debian/compat -- lp:~openjdk/openjdk/openjdk8

Bug#853134: CVE-2017-5617: svgSalamander

2017-02-01 Thread Bas Couwenberg
On 2017-02-01 09:35, Bas Couwenberg wrote: Including the JOSM developers (josm-...@openstreetmap.org) is also a good idea, they (and Vincent Privat in particular) have contributed patches to svgSalamander recently. I'll report the issue in the JOSM Trac since it also affects the embedded copy

Bug#853134: CVE-2017-5617: svgSalamander

2017-02-01 Thread Bas Couwenberg
Hi Felix, On 2017-02-01 09:13, Felix Natter wrote: there is a security vulnerability in svgSalamander: https://github.com/blackears/svgSalamander/issues/11 I've been following that issue since it popped up on by DMD TODO list. The problem occurs when including raster/svg images via . The

Bug#853134: CVE-2017-5617: svgSalamander

2017-02-01 Thread Felix Natter
hello d-gis/Bas, there is a security vulnerability in svgSalamander: https://github.com/blackears/svgSalamander/issues/11 The problem occurs when including raster/svg images via . The reporter says "How to fix - any schemes apart from data in the xlink:href attribute should be disallowed" -->