On 17/04/2017 at 21:20, Salvatore Bonaccorso wrote:
> the following vulnerability was published for apache-log4j2.
>
> CVE-2017-5645[0]:
> Apache Log4j socket receiver deserialization vulnerability
Hi Salvatore,
The vulnerability has been fixed in unstable. liblog4j2-java isn't used
in
apache-log4j2_2.7-2_source.changes uploaded successfully to localhost
along with the files:
apache-log4j2_2.7-2.dsc
apache-log4j2_2.7-2.debian.tar.xz
apache-log4j2_2.7-2_source.buildinfo
Greetings,
Your Debian queue daemon (running on host usper.debian.org)
__
This is the
Your message dated Tue, 18 Apr 2017 13:03:51 +
with message-id
and subject line Bug#860489: fixed in apache-log4j2 2.7-2
has caused the Debian Bug report #860489,
regarding apache-log4j2: CVE-2017-5645: socket receiver deserialization
vulnerability
to be
tag 860489 + pending
thanks
Some bugs in the apache-log4j2 package are closed in revision
799b96337bcf909193aa76c6090ba511c05b64f6 in branch 'master' by
Emmanuel Bourg
The full diff can be seen at
https://anonscm.debian.org/cgit/pkg-java/apache-log4j2.git/commit/?id=799b963
Commit message:
Processing commands for cont...@bugs.debian.org:
> tag 860489 + pending
Bug #860489 [src:apache-log4j2] apache-log4j2: CVE-2017-5645: socket receiver
deserialization vulnerability
Added tag(s) pending.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
860489:
Source: batik
Version: 1.5beta2-1
Severity: important
Tags: security upstream
Hi,
the following vulnerability was published for batik.
CVE-2017-5662[0]:
| In Apache Batik before 1.9, files lying on the filesystem of the
| server which uses batik can be revealed to arbitrary users who send
|
Source: fop
Version: 1:1.0.dfsg-1
Severity: important
Tags: upstream security
Hi,
the following vulnerability was published for fop.
CVE-2017-5661[0]:
| In Apache FOP before 2.2, files lying on the filesystem of the server
| which uses FOP can be revealed to arbitrary users who send maliciously
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 18 Apr 2017 14:30:00 +0200
Source: apache-log4j2
Binary: liblog4j2-java liblog4j2-java-doc
Architecture: source
Version: 2.7-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers
tomcat8_8.5.11-2~bpo8+1_source.changes uploaded successfully to localhost
along with the files:
tomcat8_8.5.11-2~bpo8+1.dsc
tomcat8_8.5.11-2~bpo8+1.debian.tar.xz
Greetings,
Your Debian queue daemon (running on host usper.debian.org)
__
This is the maintainer address of Debian's Java
Uploads not including architecture-independent packages are not allowed.
===
Please feel free to respond to this email if you don't understand why
your files were rejected, or if you upload new files which address our
concerns.
__
This is the maintainer address of Debian's Java team
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 18 Apr 2017 16:18:17 +0200
Source: tomcat8
Binary: tomcat8-common tomcat8 tomcat8-user libtomcat8-java
libtomcat8-embed-java libservlet3.1-java libservlet3.1-java-doc tomcat8-admin
tomcat8-examples tomcat8-docs
The .changes was signed using a weak algorithm (such as SHA-1)
===
Please feel free to respond to this email if you don't understand why
your files were rejected, or if you upload new files which address our
concerns.
__
This is the maintainer address of Debian's Java team
Hi,
On 18.04.2017 at 11:15, Emmanuel Bourg wrote:
> On 18/04/2017 at 00:07, Emmanuel Bourg wrote:
>
>> I'll get another look.
>
> I wrote a simple test case:
>
> import com.sun.jna.platform.unix.X11;
> public class JNATest {
> public static void main(String[] args) throws
tomcat8_8.5.11-2~bpo8+1_amd64.changes uploaded successfully to localhost
along with the files:
tomcat8_8.5.11-2~bpo8+1.dsc
tomcat8_8.5.11.orig.tar.xz
tomcat8_8.5.11-2~bpo8+1.debian.tar.xz
tomcat8-common_8.5.11-2~bpo8+1_all.deb
tomcat8_8.5.11-2~bpo8+1_all.deb
On 18/04/2017 at 00:07, Emmanuel Bourg wrote:
> I'll get another look.
I wrote a simple test case:
import com.sun.jna.platform.unix.X11;
public class JNATest {
public static void main(String[] args) throws Exception {
System.setProperty("jna.boot.library.name",
tomcat8_8.5.12-1_source.changes uploaded successfully to localhost
along with the files:
tomcat8_8.5.12-1.dsc
tomcat8_8.5.12.orig.tar.xz
tomcat8_8.5.12-1.debian.tar.xz
tomcat8_8.5.12-1_source.buildinfo
Greetings,
Your Debian queue daemon (running on host usper.debian.org)
__
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 18 Apr 2017 09:53:23 +0200
Source: tomcat8
Binary: tomcat8-common tomcat8 tomcat8-user libtomcat8-java
libtomcat8-embed-java libservlet3.1-java libservlet3.1-java-doc tomcat8-admin
tomcat8-examples tomcat8-docs
2017-04-18 08:05
https://tests.reproducible-builds.org/debian/unstable/amd64/axis changed from
reproducible -> unreproducible
2017-04-18 16:39
https://tests.reproducible-builds.org/debian/unstable/amd64/axis changed from
unreproducible -> reproducible
__
This is the maintainer address of
2017-04-18 12:27
https://tests.reproducible-builds.org/debian/unstable/amd64/libcommons-logging-java
changed from reproducible -> unreproducible
2017-04-18 14:51
https://tests.reproducible-builds.org/debian/unstable/amd64/libcommons-logging-java
changed from unreproducible -> reproducible
__
2017-04-18 12:27
https://tests.reproducible-builds.org/debian/unstable/amd64/libcommons-el-java
changed from reproducible -> unreproducible
2017-04-18 14:50
https://tests.reproducible-builds.org/debian/unstable/amd64/libcommons-el-java
changed from unreproducible -> reproducible
__
This is
2017-04-18 12:33
https://tests.reproducible-builds.org/debian/unstable/amd64/libcommons-jxpath-java
changed from reproducible -> unreproducible
2017-04-18 14:54
https://tests.reproducible-builds.org/debian/unstable/amd64/libcommons-jxpath-java
changed from unreproducible -> reproducible
__