plexus-utils 1:1.5.15-5 MIGRATED to testing

2018-01-11 Thread Debian testing watch
FYI: The status of the plexus-utils source package in Debian's testing distribution has changed. Previous version: 1:1.5.15-4 Current version: 1:1.5.15-5 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you

tests.reproducible-builds.org/debian status changes for libcommons-jexl2-java

2018-01-11 Thread Reproducible builds folks
2018-01-11 17:46 https://tests.reproducible-builds.org/debian/unstable/amd64/libcommons-jexl2-java changed from reproducible -> FTBFS __ This is the maintainer address of Debian's Java team . Please use

Bug#885577: marked as done (libhibernate-validator-java: CVE-2017-7536: Privilege escalation when running under the security manager)

2018-01-11 Thread Debian Bug Tracking System
Your message dated Thu, 11 Jan 2018 15:10:07 + with message-id and subject line Bug#885577: fixed in libhibernate-validator-java 4.3.3-4 has caused the Debian Bug report #885577, regarding libhibernate-validator-java: CVE-2017-7536: Privilege escalation

libhibernate-validator-java_4.3.3-4_source.changes ACCEPTED into unstable

2018-01-11 Thread Debian FTP Masters
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 11 Jan 2018 14:43:58 +0100 Source: libhibernate-validator-java Binary: libhibernate-validator-java Architecture: source Version: 4.3.3-4 Distribution: unstable Urgency: high Maintainer: Debian Java Maintainers

Bug#885577: libhibernate-validator-java: CVE-2017-7536: Privilege escalation when running under the security manager

2018-01-11 Thread Markus Koschany
Am 08.01.2018 um 20:31 schrieb Salvatore Bonaccorso: [...] > Ok, thanks a lot for double checking. Again, I'm not sure how pressing > the issue is, I'm defering a DSA/no-DSA decision to one of my > teammates. Privilege escalation rings some bells obviously. > > For older versions than 4.3.3, am I

Processing of libhibernate-validator-java_4.3.3-4_source.changes

2018-01-11 Thread Debian FTP Masters
libhibernate-validator-java_4.3.3-4_source.changes uploaded successfully to localhost along with the files: libhibernate-validator-java_4.3.3-4.dsc libhibernate-validator-java_4.3.3-4.debian.tar.xz libhibernate-validator-java_4.3.3-4_amd64.buildinfo Greetings, Your Debian queue

Processed: Pending fixes for bugs in the libhibernate-validator-java package

2018-01-11 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: > tag 885577 + pending Bug #885577 [src:libhibernate-validator-java] libhibernate-validator-java: CVE-2017-7536: Privilege escalation when running under the security manager Added tag(s) pending. > thanks Stopping processing here. Please contact

Bug#885577: Pending fixes for bugs in the libhibernate-validator-java package

2018-01-11 Thread pkg-java-maintainers
tag 885577 + pending thanks Some bugs in the libhibernate-validator-java package are closed in revision 6cc019279593357c44a628ce1e7dc50dba8c5059 in branch 'master' by Markus Koschany The full diff can be seen at

[libhibernate-validator-java] annotated tag debian/4.3.3-4 created (now 0bffbd3)

2018-01-11 Thread Markus Koschany
This is an automated email from the git hooks/post-receive script. apo pushed a change to annotated tag debian/4.3.3-4 in repository libhibernate-validator-java. at 0bffbd3 (tag) tagging 555085d14e7f69819f31e814e907d43f243490f0 (commit) replaces debian/4.3.3-3 tagged by

[libhibernate-validator-java] 05/06: Fix CVE-2017-7536.

2018-01-11 Thread Markus Koschany
This is an automated email from the git hooks/post-receive script. apo pushed a commit to branch master in repository libhibernate-validator-java. commit 6cc019279593357c44a628ce1e7dc50dba8c5059 Author: Markus Koschany Date: Thu Jan 11 14:39:46 2018 +0100 Fix

[libhibernate-validator-java] 02/06: Declare compliance with Debian Policy 4.1.3.

2018-01-11 Thread Markus Koschany
This is an automated email from the git hooks/post-receive script. apo pushed a commit to branch master in repository libhibernate-validator-java. commit 86d00a0c8ca6ca3e9cad06410dd3d81f28284b94 Author: Markus Koschany Date: Thu Jan 11 14:23:42 2018 +0100 Declare

[libhibernate-validator-java] 01/06: Switch to compat level 11.

2018-01-11 Thread Markus Koschany
This is an automated email from the git hooks/post-receive script. apo pushed a commit to branch master in repository libhibernate-validator-java. commit 8b7405589a5df3f22ad1a531d642e42a133911d6 Author: Markus Koschany Date: Thu Jan 11 14:23:29 2018 +0100 Switch to

[libhibernate-validator-java] 06/06: Update changelog

2018-01-11 Thread Markus Koschany
This is an automated email from the git hooks/post-receive script. apo pushed a commit to branch master in repository libhibernate-validator-java. commit 555085d14e7f69819f31e814e907d43f243490f0 Author: Markus Koschany Date: Thu Jan 11 14:44:30 2018 +0100 Update

[libhibernate-validator-java] 04/06: Remove unused maven.cleanIgnoreRules and maven.publishedRules.

2018-01-11 Thread Markus Koschany
This is an automated email from the git hooks/post-receive script. apo pushed a commit to branch master in repository libhibernate-validator-java. commit 0312622ca0dae9a339a855353c61d971f933cd9f Author: Markus Koschany Date: Thu Jan 11 14:24:34 2018 +0100 Remove unused

[libhibernate-validator-java] branch master updated (7a95390 -> 555085d)

2018-01-11 Thread Markus Koschany
This is an automated email from the git hooks/post-receive script. apo pushed a change to branch master in repository libhibernate-validator-java. from 7a95390 Upload to unstable new 8b74055 Switch to compat level 11. new 86d00a0 Declare compliance with Debian Policy

[libhibernate-validator-java] 03/06: Rename README.Debian-source to README.source.

2018-01-11 Thread Markus Koschany
This is an automated email from the git hooks/post-receive script. apo pushed a commit to branch master in repository libhibernate-validator-java. commit aac50f14629dbc8852f321f9569f3ed695418457 Author: Markus Koschany Date: Thu Jan 11 14:24:05 2018 +0100 Rename

Bug#825501: CVE-2016-4434

2018-01-11 Thread Faidon Liambotis
On Fri, May 27, 2016 at 11:58:33AM +0200, Moritz Muehlenhoff wrote: > please see http://seclists.org/oss-sec/2016/q2/413 for details. That link says: Versions Affected: Apache Tika 0.10 to 1.12 So perhaps 1.5 isn't affected after all? I tried to find the relevant commit in the upstream git

Re: Proposed (lib)curl switch to openssl 1.1

2018-01-11 Thread Julien Cristau
On 01/11/2018 12:59 AM, Alessandro Ghedini wrote: > On Sat, Dec 02, 2017 at 06:09:39PM +0100, Julien Cristau wrote: >> On Thu, Nov 23, 2017 at 15:49:26 +, Ian Jackson wrote: >>> Reasons I am aware that it *might* be a bad idea are: >>> >>> 1. libcurl exposes parts of the openssl ABI, via >>>