Your message dated Fri, 31 Oct 2008 22:17:14 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#267040: fixed in classpath 2:0.97.2-1.1
has caused the Debian Bug report #267040,
regarding remote code execution hole due to lack of Java security manager
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
267040: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=267040
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: gcjwebplugin
Version: 0.3.0-1
Severity: normal
Tags: security
The gcjwebplugin web page (http://www.nongnu.org/gcjwebplugin/) has the
following very prominent warning:
  WARNING:
  The current version does not provide a security manager capable of
  handling Java (tm) applets. Applets have UNRESTRICTED access to your
  computer. This means they can do anything you can do, like deleting all
  your important data.
Does this apply to the Debian package? Assuming that it does, I feel
that a similar warning should be shown. It could be included in the
Description, but I think that something even more prominent is justified
considering the seriousness of the problem. For example, there could be
a high-priority debconf question saying "A malicious web page could
trash your system, are you sure you want to install this?".
Regards, --Phil.
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (900, 'testing'), (800, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.3-1-686
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8
Versions of packages gcjwebplugin depends on:
ii  libc6         2.3.2.ds1-11     GNU C Library: Shared libraries an
ii  libgcc1       1:3.4.1-4sarge1  GCC support library
ii  libglib2.0-0  2.4.2-1          The GLib library of C routines
ii  libstdc++5    1:3.3.4-2        The GNU Standard C++ Library v3
ii  sablevm       1.1.6-2          Free implementation of Java Virtua
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: classpath
Source-Version: 2:0.97.2-1.1
We believe that the bug you reported is fixed in the latest version of
classpath, which is due to be installed in the Debian FTP archive:
classpath-common-unzipped_0.97.2-1.1_all.deb
to pool/main/c/classpath/classpath-common-unzipped_0.97.2-1.1_all.deb
classpath-common_0.97.2-1.1_all.deb
to pool/main/c/classpath/classpath-common_0.97.2-1.1_all.deb
classpath-doc_0.97.2-1.1_all.deb
to pool/main/c/classpath/classpath-doc_0.97.2-1.1_all.deb
classpath-gtkpeer_0.97.2-1.1_amd64.deb
to pool/main/c/classpath/classpath-gtkpeer_0.97.2-1.1_amd64.deb
classpath-qtpeer_0.97.2-1.1_amd64.deb
to pool/main/c/classpath/classpath-qtpeer_0.97.2-1.1_amd64.deb
classpath_0.97.2-1.1.diff.gz
to pool/main/c/classpath/classpath_0.97.2-1.1.diff.gz
classpath_0.97.2-1.1.dsc
to pool/main/c/classpath/classpath_0.97.2-1.1.dsc
classpath_0.97.2-1.1_amd64.deb
to pool/main/c/classpath/classpath_0.97.2-1.1_amd64.deb
jikes-classpath_0.97.2-1.1_all.deb
to pool/main/c/classpath/jikes-classpath_0.97.2-1.1_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sean Finney <[EMAIL PROTECTED]> (supplier of updated classpath package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 26 Oct 2008 21:45:32 +0100
Source: classpath
Binary: classpath classpath-gtkpeer classpath-qtpeer classpath-common classpath-common-unzipped classpath-doc jikes-classpath
Architecture: source all amd64
Version: 2:0.97.2-1.1
Distribution: unstable
Urgency: high
Maintainer: Debian Java Maintainers <[EMAIL PROTECTED]>
Changed-By: Sean Finney <[EMAIL PROTECTED]>
Description:
 classpath - clean room standard Java libraries
 classpath-common - clean room standard Java libraries - architecture independent fil
 classpath-common-unzipped - clean room standard Java libraries - architecture independent fil
 classpath-doc - clean room standard Java libraries - free Java API documentation
 classpath-gtkpeer - clean room standard Java libraries - GTK+ AWT peer
 classpath-qtpeer - clean room standard Java libraries - QT AWT peer
 jikes-classpath - clean room standard Java libraries - wrapper for jikes
Closes: 267040
Changes:
 classpath (2:0.97.2-1.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * Redisable gcjwebplugin for all architectures, since the security
     issues are not considered to be adequately resolved for lenny and the
     icedtea-gcjwebplugin is now available (closes: #267040).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFJBOJIynjLPm522B0RAqpUAJ9PqicCpb+IOdBHPq0JurZ+hgXVfgCff5xC
uxwdDwPURsibhww62DyxZAU=
=sf8W
-----END PGP SIGNATURE-----
--- End Message ---