Bug#860489: apache-log4j2: CVE-2017-5645: socket receiver deserialization vulnerability

Le 17/04/2017 à 21:20, Salvatore Bonaccorso a écrit : > the following vulnerability was published for apache-log4j2. > > CVE-2017-5645[0]: > Apache Log4j socket receiver deserialization vulnerability Hi Salvatore, The vulnerability has been fixed in unstable. liblog4j2-java isn't used in

Processing of apache-log4j2_2.7-2_source.changes

apache-log4j2_2.7-2_source.changes uploaded successfully to localhost along with the files: apache-log4j2_2.7-2.dsc apache-log4j2_2.7-2.debian.tar.xz apache-log4j2_2.7-2_source.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org) __ This is the

Bug#860489: marked as done (apache-log4j2: CVE-2017-5645: socket receiver deserialization vulnerability)

Your message dated Tue, 18 Apr 2017 13:03:51 + with message-id and subject line Bug#860489: fixed in apache-log4j2 2.7-2 has caused the Debian Bug report #860489, regarding apache-log4j2: CVE-2017-5645: socket receiver deserialization vulnerability to be

Bug#860489: Pending fixes for bugs in the apache-log4j2 package

tag 860489 + pending thanks Some bugs in the apache-log4j2 package are closed in revision 799b96337bcf909193aa76c6090ba511c05b64f6 in branch 'master' by Emmanuel Bourg The full diff can be seen at https://anonscm.debian.org/cgit/pkg-java/apache-log4j2.git/commit/?id=799b963 Commit message:

Processed: Pending fixes for bugs in the apache-log4j2 package

Processing commands for cont...@bugs.debian.org: > tag 860489 + pending Bug #860489 [src:apache-log4j2] apache-log4j2: CVE-2017-5645: socket receiver deserialization vulnerability Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 860489:

Bug#860566: batik: CVE-2017-5662: information disclosure vulnerability

Source: batik Version: 1.5beta2-1 Severity: important Tags: security upstream Hi, the following vulnerability was published for batik. CVE-2017-5662[0]: | In Apache Batik before 1.9, files lying on the filesystem of the | server which uses batik can be revealed to arbitrary users who send |

Bug#860567: fop: CVE-2017-5661: information disclosure vulnerability

Source: fop Version: 1:1.0.dfsg-1 Severity: important Tags: upstream security Hi, the following vulnerability was published for fop. CVE-2017-5661[0]: | In Apache FOP before 2.2, files lying on the filesystem of the server | which uses FOP can be revealed to arbitrary users who send maliciously

apache-log4j2_2.7-2_source.changes ACCEPTED into unstable

Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Tue, 18 Apr 2017 14:30:00 +0200 Source: apache-log4j2 Binary: liblog4j2-java liblog4j2-java-doc Architecture: source Version: 2.7-2 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers

Processing of tomcat8_8.5.11-2~bpo8+1_source.changes

tomcat8_8.5.11-2~bpo8+1_source.changes uploaded successfully to localhost along with the files: tomcat8_8.5.11-2~bpo8+1.dsc tomcat8_8.5.11-2~bpo8+1.debian.tar.xz Greetings, Your Debian queue daemon (running on host usper.debian.org) __ This is the maintainer address of Debian's Java

tomcat8_8.5.11-2~bpo8+1_source.changes REJECTED

Uploads not including architecture-independent packages are not allowed. === Please feel free to respond to this email if you don't understand why your files were rejected, or if you upload new files which address our concerns. __ This is the maintainer address of Debian's Java team

tomcat8_8.5.11-2~bpo8+1_amd64.changes ACCEPTED into jessie-backports->backports-policy

Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Tue, 18 Apr 2017 16:18:17 +0200 Source: tomcat8 Binary: tomcat8-common tomcat8 tomcat8-user libtomcat8-java libtomcat8-embed-java libservlet3.1-java libservlet3.1-java-doc tomcat8-admin tomcat8-examples tomcat8-docs

tomcat8_8.5.11-2~bpo8+1_amd64.changes REJECTED

The .changes was signed using a weak algorithm (such as SHA-1) === Please feel free to respond to this email if you don't understand why your files were rejected, or if you upload new files which address our concerns. __ This is the maintainer address of Debian's Java team

Bug#858876: libjna-jni: causes NoClassDefFoundError

Hi, Am 18.04.2017 um 11:15 schrieb Emmanuel Bourg: > Le 18/04/2017 à 00:07, Emmanuel Bourg a écrit : > >> I'll get another look. > > I wrote a simple test case: > > import com.sun.jna.platform.unix.X11; > public class JNATest { > public static void main(String[] args) throws

Processing of tomcat8_8.5.11-2~bpo8+1_amd64.changes

tomcat8_8.5.11-2~bpo8+1_amd64.changes uploaded successfully to localhost along with the files: tomcat8_8.5.11-2~bpo8+1.dsc tomcat8_8.5.11.orig.tar.xz tomcat8_8.5.11-2~bpo8+1.debian.tar.xz tomcat8-common_8.5.11-2~bpo8+1_all.deb tomcat8_8.5.11-2~bpo8+1_all.deb

Processing of tomcat8_8.5.11-2~bpo8+1_amd64.changes

tomcat8_8.5.11-2~bpo8+1_amd64.changes uploaded successfully to localhost along with the files: tomcat8_8.5.11-2~bpo8+1.dsc tomcat8_8.5.11.orig.tar.xz tomcat8_8.5.11-2~bpo8+1.debian.tar.xz tomcat8-common_8.5.11-2~bpo8+1_all.deb tomcat8_8.5.11-2~bpo8+1_all.deb

Bug#858876: libjna-jni: causes NoClassDefFoundError

Le 18/04/2017 à 00:07, Emmanuel Bourg a écrit : > I'll get another look. I wrote a simple test case: import com.sun.jna.platform.unix.X11; public class JNATest { public static void main(String[] args) throws Exception { System.setProperty("jna.boot.library.name",

Processing of tomcat8_8.5.12-1_source.changes

tomcat8_8.5.12-1_source.changes uploaded successfully to localhost along with the files: tomcat8_8.5.12-1.dsc tomcat8_8.5.12.orig.tar.xz tomcat8_8.5.12-1.debian.tar.xz tomcat8_8.5.12-1_source.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org) __

tomcat8_8.5.12-1_source.changes ACCEPTED into unstable

Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Tue, 18 Apr 2017 09:53:23 +0200 Source: tomcat8 Binary: tomcat8-common tomcat8 tomcat8-user libtomcat8-java libtomcat8-embed-java libservlet3.1-java libservlet3.1-java-doc tomcat8-admin tomcat8-examples tomcat8-docs

reproducible.debian.net status changes for axis

2017-04-18 08:05 https://tests.reproducible-builds.org/debian/unstable/amd64/axis changed from reproducible -> unreproducible 2017-04-18 16:39 https://tests.reproducible-builds.org/debian/unstable/amd64/axis changed from unreproducible -> reproducible __ This is the maintainer address of

reproducible.debian.net status changes for libcommons-logging-java

2017-04-18 12:27 https://tests.reproducible-builds.org/debian/unstable/amd64/libcommons-logging-java changed from reproducible -> unreproducible 2017-04-18 14:51 https://tests.reproducible-builds.org/debian/unstable/amd64/libcommons-logging-java changed from unreproducible -> reproducible __

reproducible.debian.net status changes for libcommons-el-java

2017-04-18 12:27 https://tests.reproducible-builds.org/debian/unstable/amd64/libcommons-el-java changed from reproducible -> unreproducible 2017-04-18 14:50 https://tests.reproducible-builds.org/debian/unstable/amd64/libcommons-el-java changed from unreproducible -> reproducible __ This is

reproducible.debian.net status changes for libcommons-jxpath-java

2017-04-18 12:33 https://tests.reproducible-builds.org/debian/unstable/amd64/libcommons-jxpath-java changed from reproducible -> unreproducible 2017-04-18 14:54 https://tests.reproducible-builds.org/debian/unstable/amd64/libcommons-jxpath-java changed from unreproducible -> reproducible __