CVE-2010-4647/CVE-2008-7271: XSS in help browser application

Related Vulnerabilities: CVE-2010-4647   CVE-2008-7271  

Debian Bug report logs - #611849

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Wed, 2 Feb 2011 20:21:02 UTC

Severity: important

Tags: security

Merged with 611786

Found in versions eclipse/3.5.2-6squeeze1, eclipse/3.5.2-8

Fixed in versions eclipse/3.5.2-9, eclipse/3.5.2-6squeeze2

Done: Niels Thykier <niels@thykier.net>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Debian Orbital Alignment Team <pkg-java-maintainers@lists.alioth.debian.org>:
Bug#611849; Package eclipse. (Wed, 02 Feb 2011 20:21:05 GMT)


Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to Debian Orbital Alignment Team <pkg-java-maintainers@lists.alioth.debian.org>. (Wed, 02 Feb 2011 20:21:05 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2010-4647/CVE-2008-7271: XSS in help browser application
Date: Wed, 02 Feb 2011 21:19:57 +0100
Package: eclipse
Severity: important
Tags: security

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7271

Red Hat has a good description and links to patches:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4647

This doesn't warrant a DSA, but you could fix this in Squeeze
in a point update.

Cheers,
        Moritz

-- System Information:
Debian Release: 6.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash




Bug reassigned from package 'eclipse' to 'eclipse-platform'. Request was from Niels Thykier <niels@thykier.net> to control@bugs.debian.org. (Fri, 11 Feb 2011 11:57:10 GMT)


Forcibly Merged 611786 611849. Request was from Niels Thykier <niels@thykier.net> to control@bugs.debian.org. (Fri, 11 Feb 2011 11:57:12 GMT)


Bug Marked as found in versions eclipse/3.5.2-8. Request was from Niels Thykier <niels@thykier.net> to control@bugs.debian.org. (Fri, 11 Feb 2011 11:57:12 GMT)


Reply sent to Niels Thykier <niels@thykier.net>:
You have taken responsibility. (Fri, 11 Feb 2011 14:39:18 GMT)


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Fri, 11 Feb 2011 14:39:18 GMT)


Message #16 received at 611849-close@bugs.debian.org:

From: Niels Thykier <niels@thykier.net>
To: 611849-close@bugs.debian.org
Subject: Bug#611849: fixed in eclipse 3.5.2-9
Date: Fri, 11 Feb 2011 14:34:43 +0000
Source: eclipse
Source-Version: 3.5.2-9

We believe that the bug you reported is fixed in the latest version of
eclipse, which is due to be installed in the Debian FTP archive:

eclipse-jdt_3.5.2-9_i386.deb
  to main/e/eclipse/eclipse-jdt_3.5.2-9_i386.deb
eclipse-pde_3.5.2-9_i386.deb
  to main/e/eclipse/eclipse-pde_3.5.2-9_i386.deb
eclipse-platform-data_3.5.2-9_all.deb
  to main/e/eclipse/eclipse-platform-data_3.5.2-9_all.deb
eclipse-platform_3.5.2-9_i386.deb
  to main/e/eclipse/eclipse-platform_3.5.2-9_i386.deb
eclipse-plugin-cvs_3.5.2-9_i386.deb
  to main/e/eclipse/eclipse-plugin-cvs_3.5.2-9_i386.deb
eclipse-rcp_3.5.2-9_i386.deb
  to main/e/eclipse/eclipse-rcp_3.5.2-9_i386.deb
eclipse_3.5.2-9.debian.tar.gz
  to main/e/eclipse/eclipse_3.5.2-9.debian.tar.gz
eclipse_3.5.2-9.dsc
  to main/e/eclipse/eclipse_3.5.2-9.dsc
eclipse_3.5.2-9_all.deb
  to main/e/eclipse/eclipse_3.5.2-9_all.deb
libequinox-osgi-java_3.5.2-9_all.deb
  to main/e/eclipse/libequinox-osgi-java_3.5.2-9_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 611849@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Niels Thykier <niels@thykier.net> (supplier of updated eclipse package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)



Format: 1.8
Date: Fri, 11 Feb 2011 14:15:40 +0100
Source: eclipse
Binary: eclipse eclipse-jdt eclipse-pde eclipse-platform eclipse-platform-data eclipse-plugin-cvs eclipse-rcp libequinox-osgi-java
Architecture: source all i386
Version: 3.5.2-9
Distribution: unstable
Urgency: low
Maintainer: Debian Orbital Alignment Team <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Niels Thykier <niels@thykier.net>
Description: 
 eclipse    - Extensible Tool Platform and Java IDE
 eclipse-jdt - Eclipse Java Development Tools (JDT)
 eclipse-pde - Eclipse Plug-in Development Environment (PDE)
 eclipse-platform - Eclipse platform without plug-ins to develop any language
 eclipse-platform-data - Eclipse platform without plug-ins to develop any language (data)
 eclipse-plugin-cvs - Eclipse Team Integration (CVS support)
 eclipse-rcp - Eclipse Rich Client Platform (RCP)
 libequinox-osgi-java - Equinox OSGi framework
Closes: 611849 612738
Changes: 
 eclipse (3.5.2-9) unstable; urgency=low
 .
   * Bump version for sat4j. (Closes: #612738)
   * Backported patch for CVE-2010-4647. (Closes: #611849)
     - Fixes XSS in help browser application.





Reply sent to Niels Thykier <niels@thykier.net>:
You have taken responsibility. (Fri, 11 Feb 2011 14:39:19 GMT)


Notification sent to Niels Thykier <niels@thykier.net>:
Bug acknowledged by developer. (Fri, 11 Feb 2011 14:39:19 GMT)


Reply sent to Niels Thykier <niels@thykier.net>:
You have taken responsibility. (Tue, 15 Feb 2011 20:00:08 GMT)


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Tue, 15 Feb 2011 20:00:08 GMT)


Message #26 received at 611849-close@bugs.debian.org:

From: Niels Thykier <niels@thykier.net>
To: 611849-close@bugs.debian.org
Subject: Bug#611849: fixed in eclipse 3.5.2-6squeeze2
Date: Tue, 15 Feb 2011 19:58:29 +0000
Source: eclipse
Source-Version: 3.5.2-6squeeze2

We believe that the bug you reported is fixed in the latest version of
eclipse, which is due to be installed in the Debian FTP archive:

eclipse-jdt_3.5.2-6squeeze2_i386.deb
  to main/e/eclipse/eclipse-jdt_3.5.2-6squeeze2_i386.deb
eclipse-pde_3.5.2-6squeeze2_i386.deb
  to main/e/eclipse/eclipse-pde_3.5.2-6squeeze2_i386.deb
eclipse-platform-data_3.5.2-6squeeze2_all.deb
  to main/e/eclipse/eclipse-platform-data_3.5.2-6squeeze2_all.deb
eclipse-platform_3.5.2-6squeeze2_i386.deb
  to main/e/eclipse/eclipse-platform_3.5.2-6squeeze2_i386.deb
eclipse-plugin-cvs_3.5.2-6squeeze2_i386.deb
  to main/e/eclipse/eclipse-plugin-cvs_3.5.2-6squeeze2_i386.deb
eclipse-rcp_3.5.2-6squeeze2_i386.deb
  to main/e/eclipse/eclipse-rcp_3.5.2-6squeeze2_i386.deb
eclipse_3.5.2-6squeeze2.debian.tar.gz
  to main/e/eclipse/eclipse_3.5.2-6squeeze2.debian.tar.gz
eclipse_3.5.2-6squeeze2.dsc
  to main/e/eclipse/eclipse_3.5.2-6squeeze2.dsc
eclipse_3.5.2-6squeeze2_all.deb
  to main/e/eclipse/eclipse_3.5.2-6squeeze2_all.deb
libequinox-osgi-java_3.5.2-6squeeze2_all.deb
  to main/e/eclipse/libequinox-osgi-java_3.5.2-6squeeze2_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 611849@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Niels Thykier <niels@thykier.net> (supplier of updated eclipse package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)



Format: 1.8
Date: Fri, 11 Feb 2011 12:46:51 +0100
Source: eclipse
Binary: eclipse eclipse-jdt eclipse-pde eclipse-platform eclipse-platform-data eclipse-plugin-cvs eclipse-rcp libequinox-osgi-java
Architecture: source all i386
Version: 3.5.2-6squeeze2
Distribution: stable
Urgency: low
Maintainer: Debian Orbital Alignment Team <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Niels Thykier <niels@thykier.net>
Description: 
 eclipse    - Extensible Tool Platform and Java IDE
 eclipse-jdt - Eclipse Java Development Tools (JDT)
 eclipse-pde - Eclipse Plug-in Development Environment (PDE)
 eclipse-platform - Eclipse platform without plug-ins to develop any language
 eclipse-platform-data - Eclipse platform without plug-ins to develop any language (data)
 eclipse-plugin-cvs - Eclipse Team Integration (CVS support)
 eclipse-rcp - Eclipse Rich Client Platform (RCP)
 libequinox-osgi-java - Equinox OSGi framework
Closes: 611849
Changes: 
 eclipse (3.5.2-6squeeze2) stable; urgency=low
 .
   * Backported patch for CVE-2010-4647. (Closes: #611849)
     - Fixes XSS in help browser application.





Reply sent to Niels Thykier <niels@thykier.net>:
You have taken responsibility. (Tue, 15 Feb 2011 20:00:09 GMT)


Notification sent to Niels Thykier <niels@thykier.net>:
Bug acknowledged by developer. (Tue, 15 Feb 2011 20:00:09 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Debian Orbital Alignment Team <pkg-java-maintainers@lists.alioth.debian.org>:
Bug#611849; Package eclipse-platform. (Sat, 19 Feb 2011 22:45:03 GMT)


Acknowledgement sent to Jonathan Wiltshire <jmw@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Orbital Alignment Team <pkg-java-maintainers@lists.alioth.debian.org>. (Sat, 19 Feb 2011 22:45:03 GMT)


Message #36 received at 611849@bugs.debian.org:

From: Jonathan Wiltshire <jmw@debian.org>
To: 611849@bugs.debian.org
Subject: Re: Bug#611849: CVE-2010-4647/CVE-2008-7271: XSS in help browser application
Date: Sat, 19 Feb 2011 22:40:18 +0000
Dear maintainer,

Recently you fixed one or more security problems and as a result you closed
this bug. These problems were not serious enough for a Debian Security
Advisory, so they are now on my radar for fixing in the following suites
through point releases:

lenny (5.0.9)

(I already noted your accepted fix for 6.0.1; thanks for being pro-active!)

Please arrange to backport your fix and liaise with the release team for
permission to upload. I will happily assist you if the patch is
straightforward and you need help or lack time.

For details of this process and the rationale, please see the original
announcement [1] and my blog post [2].

1: <201101232332.11736.thijs@debian.org>
2: http://deb.li/prsc

Thanks,

with his security hat on:
-- 
Jonathan Wiltshire                                      jmw@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Orbital Alignment Team <pkg-java-maintainers@lists.alioth.debian.org>:
Bug#611849; Package eclipse-platform. (Sun, 20 Feb 2011 00:48:06 GMT)


Acknowledgement sent to Niels Thykier <niels@thykier.net>:
Extra info received and forwarded to list. Copy sent to Debian Orbital Alignment Team <pkg-java-maintainers@lists.alioth.debian.org>. (Sun, 20 Feb 2011 00:48:06 GMT)


Message #41 received at 611849@bugs.debian.org:

From: Niels Thykier <niels@thykier.net>
To: Jonathan Wiltshire <jmw@debian.org>, 611849@bugs.debian.org
Subject: Re: Bug#611849: CVE-2010-4647/CVE-2008-7271: XSS in help browser application
Date: Sun, 20 Feb 2011 01:43:44 +0100

On 2011-02-19 23:40, Jonathan Wiltshire wrote:
> Dear maintainer,
> 

Hey

> Recently you fixed one or more security problems and as a result you closed
> this bug. These problems were not serious enough for a Debian Security
> Advisory, so they are now on my radar for fixing in the following suites
> through point releases:
> 
> lenny (5.0.9)
> 

I think your radar might be broken, as eclipse has been removed from
Lenny[1]. :P Though if still needed I can find you the patches, I have
seen for these issues; but I can do very little for eclipse 3.2.2 that
was in Lenny as I have never built that version of eclipse (this is also
related to why I asked for it to be removed from Lenny in the first place).
  Nevertheless, thanks for the heads up. :)

> (I already noted your accepted fix for 6.0.1; thanks for being pro-active!)
> 

You are welcome. :)

> Please arrange to backport your fix and liaise with the release team for
> permission to upload. I will happily assist you if the patch is
> straightforward and you need help or lack time.
> 
> For details of this process and the rationale, please see the original
> announcement [1] and my blog post [2].
> 
> 1: <201101232332.11736.thijs@debian.org>
> 2: http://deb.li/prsc
> 
> Thanks,
> 
> with his security hat on:


~Niels


[1] http://packages.qa.debian.org/e/eclipse/news/20100626T090858Z.html




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Orbital Alignment Team <pkg-java-maintainers@lists.alioth.debian.org>:
Bug#611849; Package eclipse-platform. (Sun, 20 Feb 2011 14:45:06 GMT)


Acknowledgement sent to Jonathan Wiltshire <jmw@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Orbital Alignment Team <pkg-java-maintainers@lists.alioth.debian.org>. (Sun, 20 Feb 2011 14:45:07 GMT)


Message #46 received at 611849@bugs.debian.org:

From: Jonathan Wiltshire <jmw@debian.org>
To: Niels Thykier <niels@thykier.net>
Cc: 611849@bugs.debian.org
Subject: Re: Bug#611849: CVE-2010-4647/CVE-2008-7271: XSS in help browser application
Date: Sun, 20 Feb 2011 14:41:34 +0000
On Sun, Feb 20, 2011 at 01:43:44AM +0100, Niels Thykier wrote:
> I think your radar might be broken, as eclipse has been removed from
> Lenny[1]. :P Though if still needed I can find you the patches, I have
> seen for these issues; but I can do very little for eclipse 3.2.2 that
> was in Lenny as I have never built that version of eclipse (this is also
> related to why I asked for it to be removed from Lenny in the first place).

Ah, you are quite right; thanks for the clarification and sorry for the
disturbance.

-- 
Jonathan Wiltshire                                      jmw@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Orbital Alignment Team <pkg-java-maintainers@lists.alioth.debian.org>:
Bug#611849; Package eclipse-platform. (Sun, 20 Feb 2011 14:51:05 GMT)


Acknowledgement sent to Niels Thykier <niels@thykier.net>:
Extra info received and forwarded to list. Copy sent to Debian Orbital Alignment Team <pkg-java-maintainers@lists.alioth.debian.org>. (Sun, 20 Feb 2011 14:51:05 GMT)


Message #51 received at 611849@bugs.debian.org:

From: Niels Thykier <niels@thykier.net>
To: Jonathan Wiltshire <jmw@debian.org>
Cc: 611849@bugs.debian.org
Subject: Re: Bug#611849: CVE-2010-4647/CVE-2008-7271: XSS in help browser application
Date: Sun, 20 Feb 2011 15:46:33 +0100

On 2011-02-20 15:41, Jonathan Wiltshire wrote:
> On Sun, Feb 20, 2011 at 01:43:44AM +0100, Niels Thykier wrote:
>> I think your radar might be broken, as eclipse has been removed from
>> Lenny[1]. :P Though if still needed I can find you the patches, I have
>> seen for these issues; but I can do very little for eclipse 3.2.2 that
>> was in Lenny as I have never built that version of eclipse (this is also
>> related to why I asked for it to be removed from Lenny in the first place).
> 
> Ah, you are quite right; thanks for the clarification and sorry for the
> disturbance.
> 

Hey,

No worries.

You have taken on quite a task here (with the stable security stuff). I
am certain a lot of our users will benefit from it. :)

~Niels






Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 22 Mar 2011 07:37:03 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:47:59 2019; Machine Name: buxtehude
