* Torsten Werner:
Am 09.06.2011 02:07, schrieb Sylvestre Ledru:
Le mercredi 08 juin 2011 à 23:08 +0200, Nico Golde a écrit :
Package: openjdk-6-jre, sun-java6-jre
Severity: serious
Tags: security
A new round of java issues:
CVE-2011-0862 CVE-2011-0873 CVE-2011-0815 CVE-2011-0817
* Thijs Kinkhorst:
Upstream has released Java SE 6 update 29 yesterday:
http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
with security fixes.
Does the lack of a DLJ version affect us? The special distributor
license is no longer available from Oracle:
| As a
* Moritz Muehlenhoff:
As for stable/oldstable: I noticed that Red Hat provided packages for
update 29 for RHEL 4 (RHEL 5 onwards use OpenJDK):
http://lwn.net/Articles/463919/
If anyone remembers the rationale behind the DLJ, perhaps they can
check if the current BCL matches our needs, too?
* Torsten Werner:
On Fri, Oct 28, 2011 at 1:59 PM, Florian Weimer fwei...@bfk.de wrote:
Shipping multiple, different JAR files means that once you load multiple
ASM-using libraries, some of them are bound to use different JARs, and
the JVM will have to open all of them. At best, this wastes
* Moritz Mühlenhoff:
Florian, what's the status of openjdk6 for stable/oldstable?
I've released the pending update for squeeze. lenny will eventually
follow, and so will the pending updates for squeeze, but judging by my
past performance, it will take a while.
If someone else wants to work on
* Philipp Kern:
sun-java6 is sadly still a very high profile package. I won't go and
break all those installations which force sun-java6 over openjdk-6
locally, either in unattended installations or through other means.
It's really unfortunate that most of those installations seem to need
* Matthias Klose:
On 12/11/2011 01:07 PM, Holger Levsen wrote:
Hi,
On Sonntag, 11. Dezember 2011, Philipp Kern wrote:
sorry, but I'd rather like to have an announcement that it has a bug,
me too, for all the reasons Philipp noted.
It's also trivial to download the fixed jdk from
Hi,
I'd like to release IcedTea 1.8.7 as a security update for both
squeeze and lenny. In order to keep the version numbering sane, I'd
like to see it in unstable first. Do you plan to upload 1.8.7 soon?
Florian
__
This is the maintainer address of Debian's Java team
Package: libjibx-java
Version: 1.0.2-1
Please upgrade the package to version 1.2.1, which is a build
dependency of OpenJDK 7.
___
pkg-java-maintainers mailing list
pkg-java-maintainers@lists.alioth.debian.org
Package: junit4
Version: 4.6-1
This way, your users do not need to worry about implementations
details.
I've attached an example how this is done in stringtemplate.
diff -Nur stringtemplate-3.1/build.xml stringtemplate-3.1.new/build.xml
--- stringtemplate-3.1/build.xml 2008-02-23
* Damien Raude-Morvan:
This way, your users do not need to worry about implementations
details.
Nice idea, I've commited your proposed fix. We'll include it in next
upload.
Don't forget to remove the NEWS entry as well.
___
pkg-java-maintainers
Package: libxalan2-java
Version: 2.7.1-5
Severity: grave
Running java -jar /usr/share/java/xalan2.jar -DIAG -XSL t.xsl -IN
References.html, I receive the following error message:
(Location of error unknown)java.io.IOException: Server returned HTTP response
code: 503 for URL:
* Daniel Leidert:
Xalan doesn't use the catalog system. Please simply use it to avoid
access to the internet.
You should really change it to use the catalog system by default.
http://www.sagehill.net/docbookxsl/UseCatalog.html#UsingCatsXalan
I'm in favour of closing this report without any
* Niels Thykier:
Are you sure, this wasn't a temporary problem? I can access
http://www.w3.org/TR/html4/loose.dtd both with my browser (iceweasel)
and fetch it with wget.
W3C is blocking access to specific user agents. As I said, they want
to curb questionable use of their service.
* Torsten Werner:
On Mon, Aug 17, 2009 at 11:06 AM, Florian Weimerf...@deneb.enyo.de wrote:
Running java -jar /usr/share/java/xalan2.jar -DIAG -XSL t.xsl -IN
References.html, I receive the following error message:
Please attach some sample files t.xsl and References.html that
reproduce the
* Tommi Vainikainen:
Package: libstringtemplate-java
Version: 3.1-3
Severity: minor
Currently if one install Antlr v3 (from 'antlr3'), also Antlr v2 will
be installed because of dependency in libstringtemplate-java version
3.1-3. Maybe libstringtemplate-java should not depend on any
* Tommi Vainikainen:
Florian Weimer f...@deneb.enyo.de writes:
Stringtemplate parses the templates using an antlr-generated parser
(and version 2 at that), so the dependency is really there.
I stand corrected. However, could the Antlr v2 packaging be modified
then so that user installing
* Michael Koch:
I got notified that OpenJDK 7 will drop the dependency on jibx in
one of the next releases.
I believe it is already gone, and in-JDK libraries are used instead.
___
pkg-java-maintainers mailing list
* Cyril Brulebois:
Forwarding the question to the (hopefully) appropriate persons.
From: Bastian Blank [EMAIL PROTECTED]
Subject: Re: Bug#441122: cacao - FTBFS: undefined reference to `__data_start'
To: Cyril Brulebois [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Date: Sat, 29 Sep 2007 13:21:02
Package: libstringtemplate-java
Version: 3.1-1
The old build.xml specified a dependency on ANTLR:
!-- === --
!-- Creates the jar archive --
!--
Package: junit4
Version: 4.3.1-3
Severity: important
The junit4.jar symlink is useless:
lrwxrwxrwx 1 root root 17 2008-03-08 14:44 /usr/share/java/junit4.jar -
/junit4-4.3.1.jar
Presumably, you need to call dh_link with an absolute path, or use ln -s
(which will be turned into an absolute link
Package: libjansi-native-java
Version: 1.0-3
Severity: grave
The package claims to provide JNI libraries, but is architecture: all.
For some reason, there are no DSOs in the JAR files.
I think as it stands, the package is completely usable.
__
This is the maintainer address of Debian's Java
Package: libhawtjni-runtime-java
Version: 1.0~+git0c502e20c4-3
Tags: security
Severity: important
A /tmp race condition which can be abused by local users to execute
arbitrary code with the privileges of a process using hawtjni has been
fixed:
* Javier Serrano Polo:
The JavaMail spec is clear enough about what should (must) do the
implementation. As Chris already said, it returns the actual message
content. Security isn't handled in this step. Any implementation
altering this value doesn't follow the spec. Any application relying
* Javier Serrano Polo:
El dt 24 de 04 del 2007 a les 19:17 +0200, en/na Florian Weimer va
escriure:
I guess the documentation shoud be clarified:
I don't know where that text came from (it's in a previous link, I
know). From:
It's from the GNU implementation against which this bug report
* Timo Aaltonen:
We have a bootstrapping issue with this.. upstream CVS repo ships with
'lib/bootstrap-relaxngcc.jar' which is used to generate the files for
the parser. And since the source tarball can't include that relaxngcc
has no way to enter Debian?
Fedora doesn't seem to care, they
There is already an upstream bug for this problem located at this url:
https://issues.jenkins-ci.org/browse/JENKINS-25019
with a proposed fix that only adresses the HttpOnly issue for Tomcat.
Why isn't the missing “secure” flag a Tomcat configuration issue?
__
This is the maintainer address
* Yann Rouillard:
Yes it could be seen that way, as we discussed with Emmanuel during the
Paris BSP today, but in fact it's even better, I checked and there is no
problem with Tomcat as the Secure flag as it already automatically set
with the default configuration:
- if Tomcat is
28 matches
Mail list logo