Bug#692035: CVE-2012-3155: vulnerability in the CORBA ORB component

2012-11-01 Thread Helmut Grohne
Package: src:glassfish Version: 1:2.1.1-b31g-3 Severity: serious Tags: security Dear glassfish maintainers, Please determine whether and how glassfish as present in Debian is affected by CVE-2012-3155. Please adjust the severity of this bug accordingly. | Unspecified vulnerability in the CORBA

Bug#700268: libhttpclient-java: overly broad certificate wildcard match

2013-02-10 Thread Helmut Grohne
Package: libhttpclient-java Version: 4.2.1-1 Severity: grave Tags: security In the version above the common name match of the certificate check was rewritten. So the versions in squeeze and wheezy are not affected. The rewritten version contains a bug (uses length of wrong object) and thereby

Bug#701163: jenkins-external-job-monitor and libjenkins-java share jenkins-core-1.447.2.jar

2013-02-22 Thread Helmut Grohne
Package: jenkins-external-job-monitor, libjenkins-java Version: 1.447.2+dfsg-3 Severity: wishlist Those packages share[1] 99% of their data which basically boils down to both of them shipping jenkins-core-1.447.2.jar[2]. Would it be possible to turn libjenkins-java into a dependency of

Bug#726997: findbugs: reduce package size by 3.3M or 40%

2013-10-21 Thread Helmut Grohne
Package: findbugs Version: 2.0.2-1 Severity: wishlist Dear Maintainer, The findbugs package contains an excellent opportunity to reduce space on the mirrors and installations. The findbugs.jar, which makes up almost half of the package, is shipped twice in the binary package[1]. Can you replace

Bug#751006: yui-compressor: missing Multi-Arch: foreign

2014-06-09 Thread Helmut Grohne
) + + -- Helmut Grohne hel...@subdivi.de Mon, 09 Jun 2014 14:22:09 +0200 + yui-compressor (2.4.7-1) unstable; urgency=low * New upstream release. diff -Nru yui-compressor-2.4.7/debian/control yui-compressor-2.4.7/debian/control --- yui-compressor-2.4.7/debian/control 2012-05-12 23:05

Bug#839567: rake does not work with jruby

2016-10-03 Thread Helmut Grohne
On Mon, Oct 03, 2016 at 11:13:13AM +0200, Emmanuel Bourg wrote: > What is the expected contract for a package providing ruby-interpreter? I wish I could tell. Judging from https://wiki.debian.org/Teams/Ruby/Packaging, it seems that ruby-interpreter requires /usr/bin/ruby. Not sure how official

Bug#839567: rake does not work with jruby

2016-10-02 Thread Helmut Grohne
Package: rake,jruby Severity: serious Justification: policy 3.5 User: helm...@debian.org Usertags: rebootstrap Hi, Please consider the following interaction with a fresh sid chroot: # apt-get install -y --no-install-recommends jruby ... # apt-get install --no-install-recommends rake # rake

Bug#839567: rake does not work with jruby

2016-10-03 Thread Helmut Grohne
On Mon, Oct 03, 2016 at 04:46:11PM -0700, tony mancill wrote: > I agree with Helmut's suggestion that jruby should drop the Provides. > Even if there are contexts in which jruby could act as a ruby > interpreter, I don't think we should encourage our users to use it > when we have ruby available.