Package: libjbcrypt-java
Severity: grave
Tags: security
Justification: user security hole
Hi,
please see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0886
http://www.mindrot.org/projects/jBCrypt/news/rel04.html
https://bugzilla.mindrot.org/show_bug.cgi?id=2097
Cheers,
Moritz
maven_3.0.5-4_amd64.changes uploaded successfully to localhost
along with the files:
maven_3.0.5-4.dsc
maven_3.0.5-4.debian.tar.xz
maven_3.0.5-4_all.deb
Greetings,
Your Debian queue daemon (running on host franck.debian.org)
__
This is the maintainer address of Debian's Java team
<
Thank you for the report Moritz.
According to the Bugzilla report the issue happens when BCrypt.gensalt()
is called with the value 31. jenkins is the only package using this
library and it calls this method with no parameter [1], the default
value being 10 [2].
So I don't think this issue is crit
Hello Emmanuel,
On Tue, 24 Feb 2015, Emmanuel Bourg wrote:
> CVE-2011-3923 seems to be a Struts vulnerability, why is it assigned to
> Spring?
I asked Salvatore Bonaccorso to review this since
he confirmed that assignation a while ago... he double checked and
it was a mistake (the CVE assignatio
Accepted:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Sun, 08 Mar 2015 19:25:12 -0300
Source: maven
Binary: maven
Architecture: source all
Version: 3.0.5-4
Distribution: experimental
Urgency: medium
Maintainer: Debian Java Maintainers
Changed-By: Miguel Landaeta
Descrip
Your message dated Mon, 9 Mar 2015 16:11:29 +
with message-id <1f3cfa9e-e967-484d-9f06-9822dfe6c...@hp.com>
and subject line
has caused the Debian Bug report #779112,
regarding libjnr-constants-java, libconstantine-java: error when trying to
install together
to be marked as done.
This means
6 matches
Mail list logo