mojarra: CVE-2013-5855

Related Vulnerabilities: CVE-2013-5855   CVE-2012-2672  

Debian Bug report logs - #740586

Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Mon, 3 Mar 2014 08:15:01 UTC

Severity: grave

Tags: security

Fixed in version mojarra/2.2.8-1

Done: Miguel Landaeta <nomadium@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>:
Bug#740586; Package mojarra. (Mon, 03 Mar 2014 08:15:06 GMT).


Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>. (Mon, 03 Mar 2014 08:15:06 GMT).


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: mojarra: CVE-2013-5855
Date: Mon, 03 Mar 2014 09:02:00 +0100
Package: mojarra
Severity: grave
Tags: security
Justification: user security hole

Hi,
this was assigned CVE-2013-5855:
https://java.net/jira/browse/JAVASERVERFACES-3150

Fix:
https://java.net/projects/mojarra/sources/svn/revision/12793

Cheers,
        Moritz



Information forwarded to debian-bugs-dist@lists.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>:
Bug#740586; Package mojarra. (Sun, 28 Sep 2014 01:30:11 GMT).


Acknowledgement sent to Miguel Landaeta <nomadium@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>.

Your message did not contain a Subject field. They are recommended and useful because the title of a Bug is determined using this field. Please remember to include a Subject field in your messages in future.

(Sun, 28 Sep 2014 01:30:11 GMT).


Message #10 received at 740586@bugs.debian.org:

From: Miguel Landaeta <nomadium@debian.org>
To: 759163@bugs.debian.org, 740586@bugs.debian.org, 677194@bugs.debian.org, 749206@bugs.debian.org, 759634@bugs.debian.org, 738110@bugs.debian.org
Date: Sat, 27 Sep 2014 22:28:48 -0300
unblock 759163 by 759131
tags 759163 + pending
tags 758972 + pending
tags 740586 + pending
tags 677194 + pending
tags 749206 + pending
tags 759634 + pending
tags 738110 + pending
thanks

A fix for all these bugs is already committed to the git repo and it
will be uploaded soon.

I need to check some pending issues with the maintainer that prepared
this upload.

-- 
Miguel Landaeta, nomadium at debian.org
secure email with PGP 0x6E608B637D8967E9 available at http://miguel.cc/key.
"Faith means not wanting to know what is true." -- Nietzsche

Added tag(s) pending. Request was from Miguel Landaeta <nomadium@debian.org> to control@bugs.debian.org. (Sun, 28 Sep 2014 01:30:36 GMT).


Reply sent to Miguel Landaeta <nomadium@debian.org>:
You have taken responsibility. (Wed, 01 Oct 2014 03:27:09 GMT).


Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Wed, 01 Oct 2014 03:27:09 GMT).


Message #17 received at 740586-close@bugs.debian.org:

From: Miguel Landaeta <nomadium@debian.org>
To: 740586-close@bugs.debian.org
Subject: Bug#740586: fixed in mojarra 2.2.8-1
Date: Wed, 01 Oct 2014 03:23:59 +0000
Source: mojarra
Source-Version: 2.2.8-1

We believe that the bug you reported is fixed in the latest version of
mojarra, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 740586@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Miguel Landaeta <nomadium@debian.org> (supplier of updated mojarra package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Tue, 30 Sep 2014 22:37:55 -0300
Source: mojarra
Binary: libjsf-api-java libjsf-java-doc
Architecture: source all
Version: 2.2.8-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Miguel Landaeta <nomadium@debian.org>
Description:
 libjsf-api-java - JavaServer Faces 2.2 Java EE web framework - API
 libjsf-java-doc - Documentation for libjsf-api-java
Closes: 677194 738110 740586 749206 758972 759163 759634
Changes:
 mojarra (2.2.8-1) unstable; urgency=medium
 .
   [ Markus Koschany ]
   * New upstream release. (Closes: #758972, #759163).
     This fixes the following security issues:
     - CVE-2013-5855. (Closes: #740586).
     - CVE-2012-2672. (Closes: #677194).
   * Drop B-D on libtomcat6-java. (Closes: #749206, #759634).
   * Update copyright file.
   * Wrap and sort fields in d/control.
   * Add README.source.
 .
   [ Miguel Landaeta ]
   * Update my maintainer email address.
   * Switch build tool to Javahelper.
   * Drop libjsf-impl-java package.
     Reason: it can't be built with software available in the archive.
   * Provide Maven artifacts. (Closes: #738110).
   * Bump Standards-Version to 3.9.6. No changes were required.
   * Replace dependencies on libservlet2.5-java with libservlet3.0-java.




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 24 May 2015 08:06:35 GMT).



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 19:18:07 2019; Machine Name: buxtehude
