CVE-2021-28170

Debian Bug report logs - #989259
CVE-2021-28170

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Sun, 30 May 2021 16:06:04 UTC

Severity: important

Tags: security

Done: Moritz Muehlenhoff <jmm@inutil.org>

Forwarded to https://github.com/eclipse-ee4j/el-ri/issues/155


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>:
Bug#989259; Package src:jakarta-el-api. (Sun, 30 May 2021 16:06:06 GMT).


Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>. (Sun, 30 May 2021 16:06:06 GMT).


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2021-28170
Date: Sun, 30 May 2021 18:03:56 +0200
Source: jakarta-el-api
Severity: important
Tags: security
X-Debbugs-Cc: Debian Security Team <team@security.debian.org>

This was assigned CVE-2021-28170:
https://github.com/eclipse-ee4j/el-ri/issues/155
https://securitylab.github.com/advisories/GHSL-2020-021-jakarta-el/

Cheers,
	 Moritz



Set Bug forwarded-to-address to 'https://github.com/eclipse-ee4j/el-ri/issues/155'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sun, 30 May 2021 18:54:02 GMT).


Information forwarded to debian-bugs-dist@lists.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>:
Bug#989259; Package src:jakarta-el-api. (Mon, 31 May 2021 02:09:05 GMT).


Acknowledgement sent to Emmanuel Bourg <ebourg@apache.org>:
Extra info received and forwarded to list. Copy sent to Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>. (Mon, 31 May 2021 02:09:05 GMT).


Message #12 received at 989259@bugs.debian.org:

From: Emmanuel Bourg <ebourg@apache.org>
To: Moritz Muehlenhoff <jmm@debian.org>, 989259@bugs.debian.org
Subject: Re: Bug#989259: CVE-2021-28170
Date: Mon, 31 May 2021 00:27:39 +0200

On 2021-05-30 18:03, Moritz Muehlenhoff wrote:

> This was assigned CVE-2021-28170:
> https://github.com/eclipse-ee4j/el-ri/issues/155
> https://securitylab.github.com/advisories/GHSL-2020-021-jakarta-el/

Thank you for the info. The jakarta-el-api package isn't affected by
this vulnerability, it's related to the EL reference implementation
which isn't built. The package provides only the API.

Emmanuel Bourg



Reply sent to Moritz Muehlenhoff <jmm@inutil.org>:
You have taken responsibility. (Mon, 31 May 2021 07:15:03 GMT).


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Mon, 31 May 2021 07:15:03 GMT).


Message #17 received at 989259-done@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Emmanuel Bourg <ebourg@apache.org>
Cc: 989259-done@bugs.debian.org
Subject: Re: Bug#989259: CVE-2021-28170
Date: Mon, 31 May 2021 09:11:30 +0200

On Mon, May 31, 2021 at 12:27:39AM +0200, Emmanuel Bourg wrote:
> On 2021-05-30 18:03, Moritz Muehlenhoff wrote:
> 
> > This was assigned CVE-2021-28170:
> > https://github.com/eclipse-ee4j/el-ri/issues/155
> > https://securitylab.github.com/advisories/GHSL-2020-021-jakarta-el/
> 
> Thank you for the info. The jakarta-el-api package isn't affected by
> this vulnerability, it's related to the EL reference implementation
> which isn't built. The package provides only the API.

Thanks, I've updated the security tracker.

Cheers,
        Moritz



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Mon May 31 12:44:54 2021; Machine Name: buxtehude
