Your message dated Mon, 20 Feb 2012 22:49:11 +0000
with message-id <e1rzc2h-00010u...@franck.debian.org>
and subject line Bug#650430: fixed in mojarra 2.0.3-1+squeeze1
has caused the Debian Bug report #650430,
regarding Mojarra: CVE-2011-4358
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
650430: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650430
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: mojarra
Severity: grave
Tags: security patch

Hi there,
        A vulnerability against mojarra has been reported.
http://www.openwall.com/lists/oss-security/2011/11/29/1

Please check the reference to get a patch and a PoC.

Best Regards,

/luciano



--- End Message ---
--- Begin Message ---
Source: mojarra
Source-Version: 2.0.3-1+squeeze1

We believe that the bug you reported is fixed in the latest version of
mojarra, which is due to be installed in the Debian FTP archive:

libjsf-api-java_2.0.3-1+squeeze1_all.deb
  to main/m/mojarra/libjsf-api-java_2.0.3-1+squeeze1_all.deb
libjsf-impl-java_2.0.3-1+squeeze1_all.deb
  to main/m/mojarra/libjsf-impl-java_2.0.3-1+squeeze1_all.deb
libjsf-java-doc_2.0.3-1+squeeze1_all.deb
  to main/m/mojarra/libjsf-java-doc_2.0.3-1+squeeze1_all.deb
mojarra_2.0.3-1+squeeze1.debian.tar.gz
  to main/m/mojarra/mojarra_2.0.3-1+squeeze1.debian.tar.gz
mojarra_2.0.3-1+squeeze1.dsc
  to main/m/mojarra/mojarra_2.0.3-1+squeeze1.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 650...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Miguel Landaeta <mig...@miguel.cc> (supplier of updated mojarra package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 29 Nov 2011 19:45:48 -0430
Source: mojarra
Binary: libjsf-api-java libjsf-impl-java libjsf-java-doc
Architecture: source all
Version: 2.0.3-1+squeeze1
Distribution: stable-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintain...@lists.alioth.debian.org>
Changed-By: Miguel Landaeta <mig...@miguel.cc>
Description: 
 libjsf-api-java - JavaServer Faces 2.0 Java EE web framework - API
 libjsf-impl-java - JavaServer Faces 2.0 Java EE web framework - Implementation
 libjsf-java-doc - Documentation for libjsf-api-java
Closes: 650430
Changes: 
 mojarra (2.0.3-1+squeeze1) stable-security; urgency=high
 .
   * Fixed critical bug by not allowing the value of UIViewParam to be an
     EL Expression: CVE-2011-4358. (Closes: #650430).

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

-----END PGP SIGNATURE-----



--- End Message ---
