Your message dated Sat, 29 Aug 2015 22:23:04 +0000
with message-id <e1zvowe-0000ag...@franck.debian.org>
and subject line Bug#797275: fixed in jsoup 1.8.3-1
has caused the Debian Bug report #797275,
regarding jsoup: CVE-2015-6748: XSS vulnerability in jsoup related to
incomplete tags at EOF
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
797275: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797275
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: jsoup
Version: 1.6.2-1
Severity: important
Tags: security upstream patch fixed-upstream
Hi,
the following vulnerability was published for jsoup.
CVE-2015-6748[0]:
XSS vulnerability in jsoup related to incomplete tags at EOF
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-6748
[1] http://www.openwall.com/lists/oss-security/2015/08/28/3
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: jsoup
Source-Version: 1.8.3-1
We believe that the bug you reported is fixed in the latest version of
jsoup, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 797...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Emmanuel Bourg <ebo...@apache.org> (supplier of updated jsoup package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 29 Aug 2015 22:40:04 +0200
Source: jsoup
Binary: libjsoup-java libjsoup-java-doc
Architecture: source all
Version: 1.8.3-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers
<pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Emmanuel Bourg <ebo...@apache.org>
Description:
libjsoup-java - Java HTML parser that makes sense of real-world HTML soup
libjsoup-java-doc - Documentation for jsoup HTML Parser
Closes: 797275
Changes:
jsoup (1.8.3-1) unstable; urgency=medium
.
* New upstream release (Closes: #797275)
* Refreshed the patch
Checksums-Sha1:
5ddedbe372a909f3829fb6ee51f11559cd3749cb 2152 jsoup_1.8.3-1.dsc
6748683c1d271a46916c562624bf8c80e712eda7 143156 jsoup_1.8.3.orig.tar.xz
0ad887b6fb99c6c32eb607d41f11887c83e171f6 40036 jsoup_1.8.3-1.debian.tar.xz
93e0b00d54546c0cdeb760cd51bb511176a5db53 152572
libjsoup-java-doc_1.8.3-1_all.deb
648b554df1138ec65472bb117b73f06bcffc8136 308390 libjsoup-java_1.8.3-1_all.deb
Checksums-Sha256:
b10cbc3d2afdc8ca8113614ecb4b9a6946a9e4024cf5da5687045e2f1a0be012 2152
jsoup_1.8.3-1.dsc
005fdf34d11ed26eb0604b08d228d49040e0f213df2afd1f8459db2821cc7b27 143156
jsoup_1.8.3.orig.tar.xz
8ae37ed7673c8051f0482a867cd1091a7bffa8c7cec4096a56a2a159d9419827 40036
jsoup_1.8.3-1.debian.tar.xz
a1dc9ae7d2ce63cb0ecdfbbe68938cb987eb07e77317fe469d5098742bfd6186 152572
libjsoup-java-doc_1.8.3-1_all.deb
9e39a5a843cc897a1c5cb0b865a1ffb6226d68cff0c4606f92e5eda9a7e8e141 308390
libjsoup-java_1.8.3-1_all.deb
Files:
4443781dc8959ba8c2acd1ddd4695495 2152 java optional jsoup_1.8.3-1.dsc
f7528745064ba46b8d6583923902e198 143156 java optional jsoup_1.8.3.orig.tar.xz
be9f1c3c9ffec8819b097ec8cecada0a 40036 java optional
jsoup_1.8.3-1.debian.tar.xz
0964b44600f8bbf1964be9a17602cde0 152572 doc optional
libjsoup-java-doc_1.8.3-1_all.deb
e0404c5083ef384e0767414d48d6ad9f 308390 java optional
libjsoup-java_1.8.3-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJV4i3KAAoJEPUTxBnkudCsENQP/iq6VzMZltUgSG4ddjdZwmGD
8ZaNy5ZpPBaX52P3nTg7WA/Tkd2dM8hvIO8bPEKITGfbDB9sAzaXB84qCICCYsy2
OjjLov5LZGlA7k2uAMgRFTJz811QBxFt+XcM+MyhCUUMHFT05WE5V2Z4Eo+PNu+c
UYA/FuA6Db+SnbyqvbR+8QbRPZ9/os984JBh4GR4mrekuOOkYhLduyRLNeDkbm+c
SrtPomoujFlyX5RAhBTeWfk1pMSyOCkB/Uk4aXj4ql3kz4QO2M3BT0lhtumGrnwT
qNyZnsyNeU/1psJLdljSIJPtpcbDJbgMT5gISl7A6Noidlzid48/uigu7+HpDIF2
gbQ7ZY0jiDLb+2rqvIsubLAu4gyjUiFmoQhkuju/rugPfYuCW4AxbYCtBepqF024
WNyHlo2x/lWB05hNqA6xM+YJHBgjix13abPq8Iw6cI+SylASJVT8TisVh1qmKu8V
rlsY7jdNXVmWvAkb5DKIimiLONgnANKmsPUN+GDBTYHiUxjkB5dK6Ygap+C4cOSS
mUFK/rTOuLwkfLR89UVPrdfKZOFETFDYP6SMdoSLziijRaKNcqhzhIhQ6PmA95sD
kXzOrxPrjILS0Fb4rpXU0yFoE61lnGGyV3bzML8rCPR12f+L49kBmoWXTbfW70SQ
c6xieF1cRpRQ3c350aZh
=st3P
-----END PGP SIGNATURE-----
--- End Message ---
__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
Please use
debian-j...@lists.debian.org for discussions and questions.
