Bug#973381: marked as done (CVE-2020-5421)

[Debian Bug Tracking System]

Your message dated Sun, 10 Jan 2021 21:49:20 +0000
with message-id <e1kyiao-0001qo...@fasolo.debian.org>
and subject line Bug#973381: fixed in libspring-java 4.3.30-1
has caused the Debian Bug report #973381,
regarding CVE-2020-5421
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
973381: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973381
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: libspring-java
Severity: important
Tags: security
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>

Please see https://tanzu.vmware.com/security/cve-2020-5421

Cheers,
        Moritz

--- End Message ---

--- Begin Message ---

Source: libspring-java
Source-Version: 4.3.30-1
Done: Emmanuel Bourg <ebo...@apache.org>

We believe that the bug you reported is fixed in the latest version of
libspring-java, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 973...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Emmanuel Bourg <ebo...@apache.org> (supplier of updated libspring-java package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 10 Jan 2021 22:30:25 +0100
Source: libspring-java
Architecture: source
Version: 4.3.30-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 
<pkg-java-maintain...@lists.alioth.debian.org>
Changed-By: Emmanuel Bourg <ebo...@apache.org>
Closes: 973381 979723
Changes:
 libspring-java (4.3.30-1) unstable; urgency=medium
 .
   * Team upload.
   * New upstream release
     - Refreshed the patches
     - Fixes CVE-2020-5421: RFD Protection Bypass via jsessionid
       (Closes: #973381)
   * No longer build the deprecated classes dedicated to JRuby scripting.
     JRuby can still be used with the javax.script API (Closes: #979723)
   * Standards-Version updated to 4.5.1
Checksums-Sha1:
 974e493e89534d5a8c0a40b372ec60dede6b4215 5260 libspring-java_4.3.30-1.dsc
 5f11ffe48d283174ca5ccb7683f40a94f3cd9f96 7208172 
libspring-java_4.3.30.orig.tar.xz
 c602a31deec607d5eaf072eeb5fedf6fd336ef02 21008 
libspring-java_4.3.30-1.debian.tar.xz
 09f98172fb6872de5f6b34e920948f8ab0d9dac0 13916 
libspring-java_4.3.30-1_source.buildinfo
Checksums-Sha256:
 695de59f936ac809be028d76d75d3f194d8a73d6415220c24a84d52558eb6c71 5260 
libspring-java_4.3.30-1.dsc
 80b31da14c048f74a0ce0753092228eac751e33fe05bec5f251cdb3a7aed91ca 7208172 
libspring-java_4.3.30.orig.tar.xz
 a37fcec130da198b73120f194a87098c14dec141653a4b1e2bb9feff764f2890 21008 
libspring-java_4.3.30-1.debian.tar.xz
 040f11ae6925e637a70fff3f3d8359fe5703e9bbca757abddfbd62b2071f2a58 13916 
libspring-java_4.3.30-1_source.buildinfo
Files:
 50a21730a81356cc64b012f2505a62c6 5260 java optional libspring-java_4.3.30-1.dsc
 8bc2fa2f91a2a6f093ee23a43b4957ce 7208172 java optional 
libspring-java_4.3.30.orig.tar.xz
 3b85796322a6f454f64f976e0f96bb44 21008 java optional 
libspring-java_4.3.30-1.debian.tar.xz
 055e3d3ba288608feb4e4e9a8aa62680 13916 java optional 
libspring-java_4.3.30-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJGBAEBCgAwFiEEuM5N4hCA3PkD4WxA9RPEGeS50KwFAl/7cmgSHGVib3VyZ0Bh
cGFjaGUub3JnAAoJEPUTxBnkudCsPowP/A2Vw1uXobo+QVlSfJnek0UvOgrdvABA
ZFwu2WBjr+RnVlz2cUkjc1S2LeEjGCjgJhSe3+P3Pjx/lNR7x4QQGZ4eBbjNJS3R
EF1oLfr+5An6ODwwY/2b6dc+Rpq54drbYp6Ps++yzCzdhhQWNtGU4wAOI6fl5YFM
IUx8U24txIXRdedutXu9+MICb30V6c8ylQ7c8aQCP2fsGYhMufZPy38wT5lPPIxN
rjn4ACuyrSVr87Uw4aXABqd3LYWo2tI9kuYRUazIF1+K5HW1f2cipAYhKrG3lpYy
5vqztl0FmWg8PtGHxd0+nkQ5jdn3SJs3S8PHyyMzlBg4Q3qH1tMbYmY/5bW7XB2C
OiJ23u8eNdg1UgZCf5AaO4dVnyZewiYLup0OEBMZ3TNctjVRlVzhFnwlDtS2xaYl
89Q1G7ll45UE6ok2Db3s8Et+KGueMVnLBvxOglv/49md/nYoVYBDn+fV2d99hy0x
Uk5YC+wBBeVLruge9mroVUvjuxFwqtvUjqUWkuzTBqqlWzHSsOmzauJr0k3XM3rY
QnvVME6+Ys3nLZNm78sed8W/J03jVLIWd69M+g1o4J2wJXzzxeZZojrx7DyUxrjH
P03rTbc354Q6u6gYhSVA4ma7J2p4KNS3jtafWjQMiZkF/7yxnJNq1oCLcB0aJkJg
B4Qfbancz5yd
=UIpD
-----END PGP SIGNATURE-----

--- End Message ---