Debian Bug report logs -
#670901
Spring: Multiple security issues
Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de>
Date: Mon, 30 Apr 2012 07:57:05 UTC
Severity: grave
Tags: security
Fixed in version libspring-security-2.0-java/2.0.7.RELEASE-1
Done: Miguel Landaeta <miguel@miguel.cc>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
:
Bug#670901
; Package libspring-security-2.0-java
.
(Mon, 30 Apr 2012 07:57:08 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <muehlenhoff@univention.de>
:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
.
(Mon, 30 Apr 2012 07:57:08 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: libspring-security-2.0-java
Severity: grave
Tags: security
Please see
http://www.securityfocus.com/archive/1/519593/30/0/threaded
http://www.springsource.com/security/cve-2011-2731
http://www.springsource.com/security/cve-2011-2732
http://www.springsource.com/security/cve-2011-2894
CVE-2011-2894 seems to affect libspring-java? If so, please clone or
reassign as needed.
CVE-2011-2730 seems to affect libspring-2.5-java? If so, please clone or
reassign as needed.
Cheers,
Moritz
Reply sent
to Miguel Landaeta <miguel@miguel.cc>
:
You have taken responsibility.
(Sat, 16 Jun 2012 04:00:09 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <muehlenhoff@univention.de>
:
Bug acknowledged by developer.
(Sat, 16 Jun 2012 04:00:09 GMT) (full text, mbox, link).
Message #12 received at 670901-close@bugs.debian.org (full text, mbox, reply):
Source: libspring-security-2.0-java
Source-Version: 2.0.7.RELEASE-1
We believe that the bug you reported is fixed in the latest version of
libspring-security-2.0-java, which is due to be installed in the Debian FTP archive:
libspring-security-2.0-java-doc_2.0.7.RELEASE-1_all.deb
to main/libs/libspring-security-2.0-java/libspring-security-2.0-java-doc_2.0.7.RELEASE-1_all.deb
libspring-security-2.0-java_2.0.7.RELEASE-1.debian.tar.gz
to main/libs/libspring-security-2.0-java/libspring-security-2.0-java_2.0.7.RELEASE-1.debian.tar.gz
libspring-security-2.0-java_2.0.7.RELEASE-1.dsc
to main/libs/libspring-security-2.0-java/libspring-security-2.0-java_2.0.7.RELEASE-1.dsc
libspring-security-2.0-java_2.0.7.RELEASE.orig.tar.gz
to main/libs/libspring-security-2.0-java/libspring-security-2.0-java_2.0.7.RELEASE.orig.tar.gz
libspring-security-acl-2.0-java_2.0.7.RELEASE-1_all.deb
to main/libs/libspring-security-2.0-java/libspring-security-acl-2.0-java_2.0.7.RELEASE-1_all.deb
libspring-security-core-2.0-java_2.0.7.RELEASE-1_all.deb
to main/libs/libspring-security-2.0-java/libspring-security-core-2.0-java_2.0.7.RELEASE-1_all.deb
libspring-security-ntlm-2.0-java_2.0.7.RELEASE-1_all.deb
to main/libs/libspring-security-2.0-java/libspring-security-ntlm-2.0-java_2.0.7.RELEASE-1_all.deb
libspring-security-portlet-2.0-java_2.0.7.RELEASE-1_all.deb
to main/libs/libspring-security-2.0-java/libspring-security-portlet-2.0-java_2.0.7.RELEASE-1_all.deb
libspring-security-taglibs-2.0-java_2.0.7.RELEASE-1_all.deb
to main/libs/libspring-security-2.0-java/libspring-security-taglibs-2.0-java_2.0.7.RELEASE-1_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 670901@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Miguel Landaeta <miguel@miguel.cc> (supplier of updated libspring-security-2.0-java package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 15 Jun 2012 21:43:49 -0430
Source: libspring-security-2.0-java
Binary: libspring-security-core-2.0-java libspring-security-acl-2.0-java libspring-security-ntlm-2.0-java libspring-security-portlet-2.0-java libspring-security-taglibs-2.0-java libspring-security-2.0-java-doc
Architecture: source all
Version: 2.0.7.RELEASE-1
Distribution: unstable
Urgency: low
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Miguel Landaeta <miguel@miguel.cc>
Description:
libspring-security-2.0-java-doc - documentation for Spring Security 2.0
libspring-security-acl-2.0-java - modular Java/J2EE application security framework - ACL
libspring-security-core-2.0-java - modular Java/J2EE application security framework - Core
libspring-security-ntlm-2.0-java - modular Java/J2EE application security framework - NTLM
libspring-security-portlet-2.0-java - modular Java/J2EE application security framework - Portlet
libspring-security-taglibs-2.0-java - modular Java/J2EE application security framework - Taglibs
Closes: 670901
Changes:
libspring-security-2.0-java (2.0.7.RELEASE-1) unstable; urgency=low
.
* New upstream release. (Closes: #670901).
* Bump Standards-Version to 3.9.3. No changes were required.
Checksums-Sha1:
9e9b1c1229c40649c723b1045fa1b8f66b50e7cc 3164 libspring-security-2.0-java_2.0.7.RELEASE-1.dsc
5f029e7d4f6847da52ebea9f86b9882774173f00 766860 libspring-security-2.0-java_2.0.7.RELEASE.orig.tar.gz
1a1d85c904b7ac3014db63937e779bac869842f4 8767 libspring-security-2.0-java_2.0.7.RELEASE-1.debian.tar.gz
5cd57eeaa5584a23305946d701fe3135644137c2 662256 libspring-security-core-2.0-java_2.0.7.RELEASE-1_all.deb
00c99577d836ceb01883b3ed7e101a3a254a8868 59158 libspring-security-acl-2.0-java_2.0.7.RELEASE-1_all.deb
ea3881eaa999f07d33a7a0bcefc9d96289104cfe 14080 libspring-security-ntlm-2.0-java_2.0.7.RELEASE-1_all.deb
4c552b715dedef60bef43e5ece2cdda1ff89c3f8 13792 libspring-security-portlet-2.0-java_2.0.7.RELEASE-1_all.deb
00033712ba1eade98525bc7309d065ae097f66e0 16838 libspring-security-taglibs-2.0-java_2.0.7.RELEASE-1_all.deb
9bc42a8a1aa3363318e04bccf0e98a30877e27c0 1454468 libspring-security-2.0-java-doc_2.0.7.RELEASE-1_all.deb
Checksums-Sha256:
32d14616ca057e284fb2a59ab6b7ea51d22b1698d1d49f646d9ae4da2f4b9e2d 3164 libspring-security-2.0-java_2.0.7.RELEASE-1.dsc
fb3d3a064db8cfb440d1a36354a64c49c1b5abba007c8dd4ab492cbf41947be9 766860 libspring-security-2.0-java_2.0.7.RELEASE.orig.tar.gz
84f7498c3a38f416d2e10a7c863c9a1c26a9e4506e10a5b76dab81d45c7bc0d6 8767 libspring-security-2.0-java_2.0.7.RELEASE-1.debian.tar.gz
6aa3c8b3e89376b8f0dbe91d707f3741d17008f5fd10584f4561d14079d1d1da 662256 libspring-security-core-2.0-java_2.0.7.RELEASE-1_all.deb
c69fef07dd0e8666379b7f0db4c1e7abb14425ea494d5aa6c8bbc56eea6176cf 59158 libspring-security-acl-2.0-java_2.0.7.RELEASE-1_all.deb
c2ac46eb192adc17640ce6962b8dcec8c825b61e0d4823d647e57efc06cc98ce 14080 libspring-security-ntlm-2.0-java_2.0.7.RELEASE-1_all.deb
5fdf529daa5caec890784eb26b80b5d53b50c652239fb7185b8dc0efbe215b06 13792 libspring-security-portlet-2.0-java_2.0.7.RELEASE-1_all.deb
f48200911867aa549f762b333a3062961b97685779c9f2da9f7af6f661551afd 16838 libspring-security-taglibs-2.0-java_2.0.7.RELEASE-1_all.deb
8c4febc5852bf8b3fc81ec009aa157886f30714a94c062df02c73b8f2f9e23da 1454468 libspring-security-2.0-java-doc_2.0.7.RELEASE-1_all.deb
Files:
690338e6b920cb3673a48a01309f0b12 3164 java optional libspring-security-2.0-java_2.0.7.RELEASE-1.dsc
65630bf2d2556d7d82b2a41d393b1def 766860 java optional libspring-security-2.0-java_2.0.7.RELEASE.orig.tar.gz
d5350f0ed794b393837c8622e044562d 8767 java optional libspring-security-2.0-java_2.0.7.RELEASE-1.debian.tar.gz
93cfabb4c0ed62ea57ac334b786acd9b 662256 java optional libspring-security-core-2.0-java_2.0.7.RELEASE-1_all.deb
22aa7849f05ad97fc70317219d59296b 59158 java optional libspring-security-acl-2.0-java_2.0.7.RELEASE-1_all.deb
ded1f8801c1e0817c55739e4cd76f5b5 14080 java optional libspring-security-ntlm-2.0-java_2.0.7.RELEASE-1_all.deb
28c0b4970608ad222fc8042f67dc9ee2 13792 java optional libspring-security-portlet-2.0-java_2.0.7.RELEASE-1_all.deb
e196aa9471b23dd7765d02fa51e9c478 16838 java optional libspring-security-taglibs-2.0-java_2.0.7.RELEASE-1_all.deb
ca54bc822c75a7fb6b3de33f36af49c3 1454468 doc optional libspring-security-2.0-java-doc_2.0.7.RELEASE-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCgAGBQJP2/RvAAoJEG5gi2N9iWfpIaoP/0cME7z4uKn07VcSFL6xKb+P
T9WwLrSFsFqUw29F1R3HzmxnAJlb/ynuguS9hhCQrecUqhbUX6rCEGXovJYxkT5r
fjssFrsC8GfBJpmnT3+jCJ0LAC4iy9lnyPlxOJTIyD2zfiEOqGeQ4tL5WKs4FT5A
0aa4eHMhVpfSdaaNJm61seBITcF1Yq8mEmS+yeocJ1bjn8wqprkjtCg7T5ANuPON
9A1eHPl1y5bXCLfICLi6MS7QzWORuHW22Qxmookxp19qgcV90F3Mcl5e3FLiNf07
tqELg1XP0FvACbz1TPdOUxZzQRdO+2/oaP21nLWd5yw2ktCRL+QGmTH1qP4DEuKq
gj/GAMmYYfOm16M0T+fN29yyVL5+jYD/z2k1Apc/r/GTRv6TJZHps1jW5urff1i1
e656Y9J9r7cthQMcackxHW86akaQv/u47x/kHCpUfU7MOGddwyrDew2nZLd0frMg
IP8NnBX8MwtIQQYskxjkkBxEQbkoAAjX4IaOjMSrZcv6KfEP7YMYRG68aki+bhrZ
a+kQ7eft7wkXtvsiPjubl080bXySJRK4zvjMDIUlOXk8iV/ElzalkoSdieze4lsm
Q5BdU8XLyR1JvpajC68wmMXkSEXAiOl/cGNZ/bXf/RHvD/13bWGHJEE1ZNlY3FeL
f6esmSsOor9aqNaZt377
=0Nsn
-----END PGP SIGNATURE-----
Bug 670901 cloned as bug 677814
Request was from "Damien Raude-Morvan" <drazzib@debian.org>
to control@bugs.debian.org
.
(Sat, 16 Jun 2012 22:15:11 GMT) (full text, mbox, link).
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Sun, 02 Jun 2013 07:27:12 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 19:09:17 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.