Hi Sylvain,
On Fri, Apr 01, 2022 at 12:06:40PM +0200, Sylvain Beucler wrote:
> Holger, can you clarify if you want the LTS team to handle
> debian-security-support backports to stretch, or if you intend to do it
> yourself?
thanks for asking, I'd be glad for more people maintaining
debian-securi
Hi,
On 01/04/2022 11:50, Emilio Pozuelo Monfort wrote:
On 03/12/2021 23:50, Markus Koschany wrote:
Am Freitag, dem 03.12.2021 um 14:28 +0100 schrieb Sylvain Beucler:
This year I worked on libspring-java twice for LTS&ELTS. In both cases
upstream provided limited information for the CVEs,
Hi,
On 03/12/2021 23:50, Markus Koschany wrote:
Hi Sylvain,
Am Freitag, dem 03.12.2021 um 14:28 +0100 schrieb Sylvain Beucler:
Hi,
This year I worked on libspring-java twice for LTS&ELTS. In both cases
upstream provided limited information for the CVEs, and for 5 of them
we're
Hi Sylvain,
Am Freitag, dem 03.12.2021 um 14:28 +0100 schrieb Sylvain Beucler:
> Hi,
>
> This year I worked on libspring-java twice for LTS&ELTS. In both cases
> upstream provided limited information for the CVEs, and for 5 of them
> we're unable to dete
On Tue, 26 Mar 2019 14:46:35 +0100 Mattia Rizzolo wrote:
> Dear maintainer (and tony, whose upload 4.3.22-2 caused this bug),
>
> your package libspring-java suddenly stopped building two binaries that
> were actively used by other packages, like activemq.
>
> What's ve
On 27 Nov 2014 12:18, "Emmanuel Bourg" wrote:
>
>
> I'm indeed working on the libspring-java upgrade to the version 3.2.12.
> The propdeps plugin was easy to package and I hope the FTP masters will
> quickly validate it, but if I can't get it in Jessie wit
Le 27/11/2014 13:00, Stephen Nelson a écrit :
> However as a pragmatic option I noticed that Redhat/Fedora took a clever
> approach and they are downloading the .pom files published by Gradle
> from Maven central and using those for the build.
Hi Stephen,
I'm indeed working on
Hi,
I noticed Emmanuel is packaging the gradle plugins to be able to package
Spring 3.2.x. That's definitely the way to go for the future as upstream is
using it.
However as a pragmatic option I noticed that Redhat/Fedora took a clever
approach and they are downloading the .pom files published by
Le 26/11/2014 12:41, Moritz Muehlenhoff a écrit :
> I didn't look into the specific issue, but Red Hat Bugzilla has
> references to isolated patches?
>
> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0225
I don't know why the title of the mail refers to CVE-2014-0225, but the
bug #760733
On Wed, Nov 26, 2014 at 12:40:37PM +0100, Emmanuel Bourg wrote:
> I've been investigating this issue as well. I contacted an upstream
> developer and it seems the actual fix for this issue is unknown. The
> version 3.2.0 was just reported as not vulnerable by the security
> researcher who discovere
I've been investigating this issue as well. I contacted an upstream
developer and it seems the actual fix for this issue is unknown. The
version 3.2.0 was just reported as not vulnerable by the security
researcher who discovered this issue.
I can prepare an upgrade to the latest 3.2.x version but
On 26 Nov 2014 10:45, "Raphael Hertzog" wrote:
>
> Hello Stephen,
>
> On Mon, 08 Sep 2014, Stephen Nelson wrote:
> > > For what it's worth, CVE-2014-3578 was assigned to a directory traversal
> > > vulnerability in libspring-java
> >
On Wed, Aug 27, 2014 at 6:55 PM, tony mancill wrote:
> I just checked and it builds fine for me, but I suspect that it's
> because my cowbuilder bind mounts my build area so that its path looks
> the same to the bits of the build that run before entering the chroot to
> those after entering that
t
> it building?
>
> I'm getting the following error:
>
> BUILD FAILED
> /home/stephen/spring/libspring-java/projects/build-spring-framework/build.xml:38:
> Cannot find
> /home/stephen/spring/libspring-java/projects/spring-build/multi-bundle/default.xml
> imported
D
/home/stephen/spring/libspring-java/projects/build-spring-framework/build.xml:38:
Cannot find
/home/stephen/spring/libspring-java/projects/spring-build/multi-bundle/default.xml
imported from
/home/stephen/spring/libspring-java/projects/build-spring-framework/build.xml
I have the spring-build package i
Hello security team,
I have prepared a new version of libspring-java to fix CVE-2014-0054
and CVE-2014-1904 (#741604) by backporting the corresponding upstream
commits. Please find attached the debdiff against the last version of
libspring-java in stable-security.
Please let me know if the
Hello security team,
I have prepared a new version of libspring-java to fix CVE-2013-6429 and
CVE-2013-6430 (#735420) by backporting the corresponding upstream
commits. Please find attached the debdiff against the last version of
libspring-java in stable-security.
Please let me and Miguel
> I am looking for feedback and a sponsor for an upload to unstable. If
> everything works as intended, I will open a new RT ticket for a
> stable-security update.
Hi Markus,
I just uploaded it to unstable.
Please keep me copied when you file the ticket for the stable-security
update.
Thanks fo
On Fri, Jan 24, 2014 at 8:46 PM, Markus Koschany wrote:
> I am looking for feedback and a sponsor for an upload to unstable. If
> everything works as intended, I will open a new RT ticket for a
> stable-security update.
>
>
Hi everyone,
I'm taking care of this.
Cheers,
--
Miguel Landaeta, mig
and a sponsor for an upload to unstable. If
everything works as intended, I will open a new RT ticket for a
stable-security update.
The package was uploaded to mentors. It is also available in Git.
http://mentors.debian.net/debian/pool/main/libs/libspring-java/libspring-java_3.0.6.RELEASE-11.dsc
backported the
patch to the stable release of libspring-java. If we decide to push on
with this, I suggest we keep the security team informed by adding them
to CC.
> I'm working on a local branch right now so I'll be sure not to push
> anything into master for the time being.
On Wed, Dec 4, 2013 at 2:08 PM, Markus Koschany wrote:
> Hi all,
>
> while I was working on libjackson-json-java and Co., I saw that
> libspring-java is currently affected by a potential security
> vulnerability, an XML External Entity (XXE) Injection in the Spring
> Framework
Hi all,
while I was working on libjackson-json-java and Co., I saw that
libspring-java is currently affected by a potential security
vulnerability, an XML External Entity (XXE) Injection in the Spring
Framework.
The security advisory recommends that all users of version 3.x should
upgrade to
On Thu, Oct 10, 2013 at 11:22 AM, Emmanuel Bourg wrote:
> Le 10/10/2013 15:30, Stephen Nelson a écrit :
> > I'm looking at packaging a new upstream version of libspring-java.
> > However upstream has switched to using gradle to build the code. What
> > is the correct wa
Le 10/10/2013 15:30, Stephen Nelson a écrit :
> I'm looking at packaging a new upstream version of libspring-java.
> However upstream has switched to using gradle to build the code. What
> is the correct way to package for Debian in this instance?
Not sure, but I think you have to p
I'm looking at packaging a new upstream version of libspring-java.
However upstream has switched to using gradle to build the code. What
is the correct way to package for Debian in this instance?
Many thanks
Stephen
On 09/25/2013 08:55 AM, Emmanuel Bourg wrote:
> Hi all,
>
> I updated the libspring-java package to remove the dependency on
> libbackport-util-concurrent-java and I'm looking for a sponsor to upload it.
Uploaded and tagged.
Cheers,
tony
Hi all,
I updated the libspring-java package to remove the dependency on
libbackport-util-concurrent-java and I'm looking for a sponsor to upload it.
Here is the changelog:
* Updated debian/watch to fetch the tarball from Github
* Removed the dependency on backport-util-concurrent
On Sun, Mar 27, 2011 at 9:22 AM, Damien Raude-Morvan
wrote:
> Le Tuesday 01 March 2011 03:07:18, Miguel Landaeta a écrit :
> I've updated your changelogs to target "squeeze-backports" and tagged all this
> in Git/Svn and they are now waiting in squeeze-backports NEW queue !
That's awesome. Thank
astor.git (squeeze-backports branch)
> svn://svn.debian.org/svn/pkg-java/branches/spring-build/squeeze-backports
> svn://svn.debian.org/svn/pkg-java/branches/libspring-java/squeeze-backports
I've updated your changelogs to target "squeeze-backports" and tagged all this
in Git/
Hello team,
I was wondering if there is anyone else besides me interested
in having libspring-java available in squeeze-backports.
This package was in the works since quite a long time and it
was finally uploaded to the archive right after the freeze.
IMO, it would be a shame to not have it