Bug#804522: jenkins: Unauthenticated remote code execution 0-day in Jenkins CLI

2015-11-09 Thread Moritz Muehlenhoff
Package: jenkins Severity: grave Tags: security Justification: user security hole Hi, please see https://jenkins-ci.org/content/mitigating-unauthenticated-remote-code-execution-0-day-jenkins-cli Cheers, Moritz __ This is the maintainer address of Debian's Java team

Bug#804522: jenkins: Unauthenticated remote code execution 0-day in Jenkins CLI

2015-11-09 Thread Emmanuel Bourg
Hi Moritz, If I'm not mistaken this vulnerability is actually linked to a dangerous deserialization in commons-collections if the input isn't properly sanitized. I intend to upload a modification of commons-collections to address this issue in Jenkins and the other applications potentially affecte

Bug#804522: jenkins: Unauthenticated remote code execution 0-day in Jenkins CLI

2015-11-09 Thread Moritz Muehlenhoff
On Mon, Nov 09, 2015 at 09:25:20AM +0100, Emmanuel Bourg wrote: > Hi Moritz, > > If I'm not mistaken this vulnerability is actually linked to a dangerous > deserialization in commons-collections if the input isn't properly > sanitized. Indeed, I intended to file a separate bug for those (but I wa

Bug#804522: jenkins: Unauthenticated remote code execution 0-day in Jenkins CLI

2015-11-09 Thread Emmanuel Bourg
On 09/11/2015 09:26, Moritz Muehlenhoff wrote: > Indeed, I intended to file a separate bug for those (but I was unsure > whether > jenkins used the system-wide lib as opposed to the released versions from > jenkins upstream) libjenkins-java depends on libcommons-collections3-java, but jen

Processing of apache-mime4j_0.7.2-4_amd64.changes

2015-11-09 Thread Debian FTP Masters
apache-mime4j_0.7.2-4_amd64.changes uploaded successfully to localhost along with the files: apache-mime4j_0.7.2-4.dsc apache-mime4j_0.7.2-4.debian.tar.xz libapache-mime4j-java-doc_0.7.2-4_all.deb libapache-mime4j-java_0.7.2-4_all.deb Greetings, Your Debian queue daemon (running o

apache-mime4j_0.7.2-4_amd64.changes REJECTED

2015-11-09 Thread Debian FTP Masters
apache-mime4j_0.7.2-4.dsc: Invalid size hash for apache-mime4j_0.7.2.orig.tar.gz: According to the control file the size hash should be 735216, but apache-mime4j_0.7.2.orig.tar.gz has 928728. If you did not include apache-mime4j_0.7.2.orig.tar.gz in your upload, a different version might alrea

Processing of apache-mime4j_0.7.2-4_amd64.changes

2015-11-09 Thread Debian FTP Masters
apache-mime4j_0.7.2-4_amd64.changes uploaded successfully to localhost along with the files: apache-mime4j_0.7.2-4.dsc apache-mime4j_0.7.2-4.debian.tar.xz libapache-mime4j-java-doc_0.7.2-4_all.deb libapache-mime4j-java_0.7.2-4_all.deb Greetings, Your Debian queue daemon (running o

apache-mime4j_0.7.2-4_amd64.changes ACCEPTED into unstable

2015-11-09 Thread Debian FTP Masters
Accepted: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 09 Nov 2015 10:15:28 +0100 Source: apache-mime4j Binary: libapache-mime4j-java libapache-mime4j-java-doc Architecture: source all Version: 0.7.2-4 Distribution: unstable Urgency: medium Maintainer: Debian Java Main

Bug#804458: marked as done (apache-mime4j: FTBFS: POM org.apache.maven.plugins:maven-assembly-plugin:pom:2.2-beta-5 not found)

2015-11-09 Thread Debian Bug Tracking System
Your message dated Mon, 09 Nov 2015 10:48:54 + with message-id and subject line Bug#804458: fixed in apache-mime4j 0.7.2-4 has caused the Debian Bug report #804458, regarding apache-mime4j: FTBFS: POM org.apache.maven.plugins:maven-assembly-plugin:pom:2.2-beta-5 not found to be marked as done

Processing of eigenbase-resgen_1.3.0.13768-2_amd64.changes

2015-11-09 Thread Debian FTP Masters
eigenbase-resgen_1.3.0.13768-2_amd64.changes uploaded successfully to localhost along with the files: eigenbase-resgen_1.3.0.13768-2.dsc eigenbase-resgen_1.3.0.13768-2.debian.tar.xz libeigenbase-resgen-java-doc_1.3.0.13768-2_all.deb libeigenbase-resgen-java_1.3.0.13768-2_all.deb Greetings,

eigenbase-resgen_1.3.0.13768-2_amd64.changes ACCEPTED into unstable

2015-11-09 Thread Debian FTP Masters
Accepted: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 09 Nov 2015 16:05:26 +0100 Source: eigenbase-resgen Binary: libeigenbase-resgen-java libeigenbase-resgen-java-doc Architecture: source all Version: 1.3.0.13768-2 Distribution: unstable Urgency: medium Maintainer: D

libjna-java 4.2.1-1 MIGRATED to testing

2015-11-09 Thread Debian testing watch
FYI: The status of the libjna-java source package in Debian's testing distribution has changed. Previous version: 4.2.0-1 Current version: 4.2.1-1 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will rec

Bug#804564: doxia: FTBFS: Cannot locate avalon-framework

2015-11-09 Thread Daniel Schepler
Source: doxia Version: 1.1.4-3 Severity: serious From my pbuilder build log: ... [INFO] [INFO] Building Doxia :: FO Module [INFO]task-segment: [package] [INFO] ---

maven2 2.2.1-28 MIGRATED to testing

2015-11-09 Thread Debian testing watch
FYI: The status of the maven2 source package in Debian's testing distribution has changed. Previous version: 2.2.1-27 Current version: 2.2.1-28 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will receiv

elasticsearch 1.7.3+dfsg-2 MIGRATED to testing

2015-11-09 Thread Debian testing watch
FYI: The status of the elasticsearch source package in Debian's testing distribution has changed. Previous version: 1.6.2+dfsg-1 Current version: 1.7.3+dfsg-2 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day

eclipse-rse 3.4.2-2 MIGRATED to testing

2015-11-09 Thread Debian testing watch
FYI: The status of the eclipse-rse source package in Debian's testing distribution has changed. Previous version: 3.4.2-1 Current version: 3.4.2-2 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will rec

ivy 2.4.0-2 MIGRATED to testing

2015-11-09 Thread Debian testing watch
FYI: The status of the ivy source package in Debian's testing distribution has changed. Previous version: 2.3.0-4 Current version: 2.4.0-2 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will receive lat

libgoogle-gson-java 2.4-1 MIGRATED to testing

2015-11-09 Thread Debian testing watch
FYI: The status of the libgoogle-gson-java source package in Debian's testing distribution has changed. Previous version: 2.2.4-1 Current version: 2.4-1 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you wi

wagon2 2.10-1 MIGRATED to testing

2015-11-09 Thread Debian testing watch
FYI: The status of the wagon2 source package in Debian's testing distribution has changed. Previous version: 2.9-1 Current version: 2.10-1 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will receive lat

maven2-core 2.2.1-23 MIGRATED to testing

2015-11-09 Thread Debian testing watch
FYI: The status of the maven2-core source package in Debian's testing distribution has changed. Previous version: 2.2.1-22 Current version: 2.2.1-23 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will r

Bug#804609: netty-tcnative: FTBFS: error: implicit declaration of function 'SSLv3_client_method'

2015-11-09 Thread Chris West (Faux)
Source: netty-tcnative Version: 1.1.33.Fork9-1 Severity: serious Justification: fails to build from source Tags: sid stretch User: reproducible-bui...@lists.alioth.debian.org Usertags: ftbfs X-Debbugs-CC: reproducible-bui...@lists.alioth.debian.org Dear Maintainer, The package fails to build, pro

reproducible.debian.net status changes for libxbean-java

2015-11-09 Thread Reproducible builds folks
2015-11-09 08:41 https://reproducible.debian.net/unstable/amd64/libxbean-java changed from unreproducible -> reproducible

reproducible.debian.net status changes for apache-mime4j

2015-11-09 Thread Reproducible builds folks
2015-11-09 19:24 https://reproducible.debian.net/unstable/amd64/apache-mime4j changed from FTBFS -> unreproducible

elasticsearch is marked for autoremoval from testing

2015-11-09 Thread Debian testing autoremoval watch
elasticsearch 1.7.3+dfsg-2 is marked for autoremoval from testing on 2015-11-30 It is affected by these RC bugs: 803713: elasticsearch: Keep out of testing