Bug#840000: libapache-mod-jk: CVE-2016-6808

2016-10-07 Thread Markus Koschany
On 07.10.2016 14:15, Salvatore Bonaccorso wrote: [...] > > Now whilst the affected code is back present in 1.2.0, I need some > help understanding the actual impact for us. According to the build > log this common code is as well compiled in into the mod_jk, The > upstream description though

resteasy 3.0.19-2 MIGRATED to testing

2016-10-07 Thread Debian testing watch
FYI: The status of the resteasy source package in Debian's testing distribution has changed. Previous version: 3.0.19-1 Current version: 3.0.19-2 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will

Processing of easymock_3.4+ds-1_source.changes

2016-10-07 Thread Debian FTP Masters
easymock_3.4+ds-1_source.changes uploaded successfully to localhost along with the files: easymock_3.4+ds-1.dsc easymock_3.4+ds.orig.tar.xz easymock_3.4+ds-1.debian.tar.xz Greetings, Your Debian queue daemon (running on host franck.debian.org) __ This is the maintainer address of

Processing of easymock_3.4+ds-1_source.changes

2016-10-07 Thread Debian FTP Masters
easymock_3.4+ds-1_source.changes uploaded successfully to ftp-master.debian.org along with the files: easymock_3.4+ds-1.dsc easymock_3.4+ds.orig.tar.xz easymock_3.4+ds-1.debian.tar.xz Greetings, Your Debian queue daemon (running on host coccia.debian.org) __ This is the maintainer

easymock_3.4+ds-1_source.changes ACCEPTED into unstable

2016-10-07 Thread Debian FTP Masters
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 07 Oct 2016 18:59:24 +0200 Source: easymock Binary: libeasymock-java libeasymock-java-doc Architecture: source Version: 3.4+ds-1 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers

assertj-core 2.3.0-3 MIGRATED to testing

2016-10-07 Thread Debian testing watch
FYI: The status of the assertj-core source package in Debian's testing distribution has changed. Previous version: 2.3.0-2 Current version: 2.3.0-3 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will

Bug#840000: libapache-mod-jk: CVE-2016-6808

2016-10-07 Thread Markus Koschany
On 07.10.2016 16:20, Salvatore Bonaccorso wrote: > Hi Markus, [...] > Thanks for your investigation! Have you good upstream contact to try > to clarify why the above statement was made? Hi Salvatore, unfortunately not. I'm just the guy who tries to keep these packages alive. But I agree that we

Bug#840000: libapache-mod-jk: CVE-2016-6808

2016-10-07 Thread Markus Koschany
Looks like Apache is not affected. [1] I guess would be justified here. Markus [1] https://mail-archives.apache.org/mod_mbox/tomcat-users/201610.mbox/%3CCABzHfVmjt6oRKZfETgrP22wX%3DMF%2BSZsYDw2mAJkmhwcHDt0T3Q%40mail.gmail.com%3E signature.asc Description: OpenPGP digital signature __ This

Bug#840000: libapache-mod-jk: CVE-2016-6808

2016-10-07 Thread Salvatore Bonaccorso
Hi Markus, On Fri, Oct 07, 2016 at 03:21:54PM +0200, Markus Koschany wrote: > On 07.10.2016 14:15, Salvatore Bonaccorso wrote: > [...] > > > > Now whilst the affected code is back present in 1.2.0, I need some > > help understanding the actual impact for us. According to the build > > log this

Bug#840000: libapache-mod-jk: CVE-2016-6808

2016-10-07 Thread Salvatore Bonaccorso
On Fri, Oct 07, 2016 at 02:15:32PM +0200, Salvatore Bonaccorso wrote: > Can you clarify if this is correct? If so we would mark the CVE as > (unimportant) and thus as well not release a DSA, and a 1:1.2.42 > upload to unstable can then mark the CVE as fixed. ... or actually (Windows specific)

Processing of stegosuite_0.7.3-2_source.changes

2016-10-07 Thread Debian FTP Masters
stegosuite_0.7.3-2_source.changes uploaded successfully to localhost along with the files: stegosuite_0.7.3-2.dsc stegosuite_0.7.3-2.debian.tar.xz Greetings, Your Debian queue daemon (running on host franck.debian.org) __ This is the maintainer address of Debian's Java team

stegosuite_0.7.3-2_source.changes ACCEPTED into unstable

2016-10-07 Thread Debian FTP Masters
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 07 Oct 2016 20:30:01 +0200 Source: stegosuite Binary: stegosuite Architecture: source Version: 0.7.3-2 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers

Bug#840043: src:libibatis-java: please package MyBatis 3

2016-10-07 Thread Dominik George
Package: src:libibatis-java Severity: wishlist -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, I am currently updating the guacamole-client package in Debian and it needs MyBatis 3 for its JDBC plugin, which seems to be a successor of iBatis. Could you update the package to MyBatis 3?

Bug#829078: Interim workaround?

2016-10-07 Thread Jamie Norrish
Is there any way to get elasticsearch running while the patching is in progress, or is the YAML problem fundamental? Alternately, is there anything I, as someone unfamiliar with the package and only slightly proficient at Java programming, can do to help with fixing the problem? Jamie __ This is

Bug#840043: src:libibatis-java: please package MyBatis 3

2016-10-07 Thread Emmanuel Bourg
Le 7/10/2016 à 21:53, Dominik George a écrit : > Could you update the package to MyBatis 3? Hi Dominik, If I'm not mistaken MyBatis 3 is not compatible with iBatis, so we'll need a new package instead of upgrading this one. Emmanuel Bourg __ This is the maintainer address of Debian's Java

Processing of stegosuite_0.7.3-2_source.changes

2016-10-07 Thread Debian FTP Masters
stegosuite_0.7.3-2_source.changes uploaded successfully to ftp-master.debian.org along with the files: stegosuite_0.7.3-2.dsc stegosuite_0.7.3-2.debian.tar.xz Greetings, Your Debian queue daemon (running on host coccia.debian.org) __ This is the maintainer address of Debian's Java

Bug#829258: marked as done (stegosuite: Wrong section, should be in e.g. graphics, but not in java)

2016-10-07 Thread Debian Bug Tracking System
Your message dated Fri, 07 Oct 2016 19:19:23 + with message-id and subject line Bug#829258: fixed in stegosuite 0.7.3-2 has caused the Debian Bug report #829258, regarding stegosuite: Wrong section, should be in e.g. graphics, but not in java to be marked

reproducible.debian.net status changes for batik

2016-10-07 Thread Reproducible builds folks
2016-10-07 12:25 https://tests.reproducible-builds.org/debian/unstable/amd64/batik changed from unreproducible -> FTBFS 2016-10-07 14:48 https://tests.reproducible-builds.org/debian/unstable/amd64/batik changed from FTBFS -> unreproducible __ This is the maintainer address of Debian's Java

reproducible.debian.net status changes for jetty8

2016-10-07 Thread Reproducible builds folks
2016-10-07 14:06 https://tests.reproducible-builds.org/debian/unstable/amd64/jetty8 changed from unreproducible -> FTBFS __ This is the maintainer address of Debian's Java team . Please use

Bug#839184: zkCli.sh unusable as packaged

2016-10-07 Thread Felix Dreissig
Tags: patch Hi, sorry, I broke this with the patch from #830222: In commit 8c69d33, I moved the "JAVA" environment variable to the init script, as it cannot not be used in the systemd unit file (that requires absolute executable paths). However, other ZooKeeper tools rely on it being set in

Processed: #839184

2016-10-07 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: > tags 839184 + patch Bug #839184 [zookeeper] zkCli.sh unusable as packaged Added tag(s) patch. > End of message, stopping processing here. Please contact me if you need assistance. -- 839184:

Bug#840000: libapache-mod-jk: CVE-2016-6808

2016-10-07 Thread Salvatore Bonaccorso
Source: libapache-mod-jk Version: 1:1.2.41-1 Severity: important Tags: security upstream patch Hi, the following vulnerability was published for libapache-mod-jk. CVE-2016-6808[0]: buffer overflow If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities &

Bug#605063: marked as forwarded (batik is crashing (libbatik-java))

2016-10-07 Thread Debian Bug Tracking System
Your message dated Fri, 7 Oct 2016 09:05:05 +0200 with message-id has caused the report #605063, regarding batik is crashing (libbatik-java) to be marked as having been forwarded to the upstream software author(s)

batik_1.8-4_source.changes ACCEPTED into unstable

2016-10-07 Thread Debian FTP Masters
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Fri, 07 Oct 2016 09:23:44 +0200 Source: batik Binary: libbatik-java Architecture: source Version: 1.8-4 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers

Bug#824113: marked as done (libbatik-java: The "squiggle" script crashes with a NoClassDefFoundError)

2016-10-07 Thread Debian Bug Tracking System
Your message dated Fri, 07 Oct 2016 07:33:40 + with message-id and subject line Bug#824113: fixed in batik 1.8-4 has caused the Debian Bug report #824113, regarding libbatik-java: The "squiggle" script crashes with a NoClassDefFoundError to be marked as

Bug#805469: marked as done ([ERROR] FOUserAgent - SVG graphic could not be built.)

2016-10-07 Thread Debian Bug Tracking System
Your message dated Fri, 07 Oct 2016 07:33:40 + with message-id and subject line Bug#805469: fixed in batik 1.8-4 has caused the Debian Bug report #805469, regarding [ERROR] FOUserAgent - SVG graphic could not be built. to be marked as done. This means

Processing of batik_1.8-4_source.changes

2016-10-07 Thread Debian FTP Masters
batik_1.8-4_source.changes uploaded successfully to localhost along with the files: batik_1.8-4.dsc batik_1.8-4.debian.tar.xz Greetings, Your Debian queue daemon (running on host franck.debian.org) __ This is the maintainer address of Debian's Java team

Bug#840000: libapache-mod-jk: CVE-2016-6808

2016-10-07 Thread Salvatore Bonaccorso
Control: found -1 1:1.2.37-4 Hi On Fri, Oct 07, 2016 at 01:26:00PM +0200, Salvatore Bonaccorso wrote: > Source: libapache-mod-jk > Version: 1:1.2.41-1 > Severity: important > Tags: security upstream patch > > Hi, > > the following vulnerability was published for libapache-mod-jk. > >

Processed: Re: Bug#840000: libapache-mod-jk: CVE-2016-6808

2016-10-07 Thread Debian Bug Tracking System
Processing control commands: > found -1 1:1.2.37-4 Bug #84 [src:libapache-mod-jk] libapache-mod-jk: CVE-2016-6808 Marked as found in versions libapache-mod-jk/1:1.2.37-4. -- 84: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=84 Debian Bug Tracking System Contact

Processing of libfastutil-java_7.0.11-2~bpo8+1_amd64.changes

2016-10-07 Thread Debian FTP Masters
libfastutil-java_7.0.11-2~bpo8+1_amd64.changes uploaded successfully to localhost along with the files: libfastutil-java_7.0.11-2~bpo8+1.dsc libfastutil-java_7.0.11-2~bpo8+1.debian.tar.xz libfastutil-java_7.0.11-2~bpo8+1_all.deb libfastutil-java-doc_7.0.11-2~bpo8+1_all.deb Greetings,

libfastutil-java_7.0.11-2~bpo8+1_amd64.changes is NEW

2016-10-07 Thread Debian FTP Masters
binary:libfastutil-java is NEW. binary:libfastutil-java-doc is NEW. source:libfastutil-java is NEW. Your package has been put into the NEW queue, which requires manual action from the ftpteam to process. The upload was otherwise valid (it had a good OpenPGP signature and file hashes are valid),