Your message dated Sat, 30 Jun 2012 09:48:00 +0000
with message-id <e1skuhy-0001wp...@franck.debian.org>
and subject line Bug#677814: fixed in libspring-2.5-java 2.5.6.SEC02-2+squeeze1
has caused the Debian Bug report #677814,
regarding CVE-2011-2730
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
677814: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libspring-security-2.0-java
Severity: grave
Tags: security
Please see
http://www.securityfocus.com/archive/1/519593/30/0/threaded
http://www.springsource.com/security/cve-2011-2731
http://www.springsource.com/security/cve-2011-2732
http://www.springsource.com/security/cve-2011-2894
CVE-2011-2894 seems to affect libspring-java? If so, please clone or
reassign as needed.
CVE-2011-2730 seems to affect libspring-2.5-java? If so, please clone or
reassign as needed.
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: libspring-2.5-java
Source-Version: 2.5.6.SEC02-2+squeeze1
We believe that the bug you reported is fixed in the latest version of
libspring-2.5-java, which is due to be installed in the Debian FTP archive:
libspring-2.5-java_2.5.6.SEC02-2+squeeze1.debian.tar.gz
  to main/libs/libspring-2.5-java/libspring-2.5-java_2.5.6.SEC02-2+squeeze1.debian.tar.gz
libspring-2.5-java_2.5.6.SEC02-2+squeeze1.dsc
  to main/libs/libspring-2.5-java/libspring-2.5-java_2.5.6.SEC02-2+squeeze1.dsc
libspring-aop-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
  to main/libs/libspring-2.5-java/libspring-aop-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
libspring-aspects-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
  to main/libs/libspring-2.5-java/libspring-aspects-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
libspring-beans-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
  to main/libs/libspring-2.5-java/libspring-beans-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
libspring-context-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
  to main/libs/libspring-2.5-java/libspring-context-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
libspring-context-support-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
  to main/libs/libspring-2.5-java/libspring-context-support-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
libspring-core-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
  to main/libs/libspring-2.5-java/libspring-core-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
libspring-jdbc-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
  to main/libs/libspring-2.5-java/libspring-jdbc-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
libspring-jms-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
  to main/libs/libspring-2.5-java/libspring-jms-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
libspring-orm-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
  to main/libs/libspring-2.5-java/libspring-orm-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
libspring-test-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
  to main/libs/libspring-2.5-java/libspring-test-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
libspring-tx-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
  to main/libs/libspring-2.5-java/libspring-tx-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
libspring-web-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
  to main/libs/libspring-2.5-java/libspring-web-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
libspring-webmvc-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
  to main/libs/libspring-2.5-java/libspring-webmvc-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
libspring-webmvc-portlet-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
  to main/libs/libspring-2.5-java/libspring-webmvc-portlet-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
libspring-webmvc-struts-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
  to main/libs/libspring-2.5-java/libspring-webmvc-struts-2.5-java_2.5.6.SEC02-2+squeeze1_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 677...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Damien Raude-Morvan <draz...@debian.org> (supplier of updated
libspring-2.5-java package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 17 Jun 2012 00:13:30 +0200
Source: libspring-2.5-java
Binary: libspring-core-2.5-java libspring-beans-2.5-java libspring-aop-2.5-java
 libspring-context-2.5-java libspring-context-support-2.5-java
 libspring-web-2.5-java libspring-webmvc-2.5-java
 libspring-webmvc-struts-2.5-java libspring-webmvc-portlet-2.5-java
 libspring-test-2.5-java libspring-tx-2.5-java libspring-jdbc-2.5-java
 libspring-jms-2.5-java libspring-orm-2.5-java libspring-aspects-2.5-java
Architecture: source all
Version: 2.5.6.SEC02-2+squeeze1
Distribution: stable-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintain...@lists.alioth.debian.org>
Changed-By: Damien Raude-Morvan <draz...@debian.org>
Description:
 libspring-aop-2.5-java - modular Java/J2EE application framework - AOP
 libspring-aspects-2.5-java - modular Java/J2EE application framework - Bundled aspects
 libspring-beans-2.5-java - modular Java/J2EE application framework - Beans
 libspring-context-2.5-java - modular Java/J2EE application framework - Context
 libspring-context-support-2.5-java - modular Java/J2EE application framework - Context Support
 libspring-core-2.5-java - modular Java/J2EE application framework - Core
 libspring-jdbc-2.5-java - modular Java/J2EE application framework - JDBC tools
 libspring-jms-2.5-java - modular Java/J2EE application framework - JMS tools
 libspring-orm-2.5-java - modular Java/J2EE application framework - ORM tools
 libspring-test-2.5-java - modular Java/J2EE application framework - Test helpers
 libspring-tx-2.5-java - modular Java/J2EE application framework - transaction
 libspring-web-2.5-java - modular Java/J2EE application framework - Web
 libspring-webmvc-2.5-java - modular Java/J2EE application framework - MVC
 libspring-webmvc-portlet-2.5-java - modular Java/J2EE application framework - Portlet MVC
 libspring-webmvc-struts-2.5-java - modular Java/J2EE application framework - Struts MVC
Closes: 677814
Changes:
 libspring-2.5-java (2.5.6.SEC02-2+squeeze1) stable-security; urgency=high
 .
   * Backport fix for CVE-2011-2730: Spring Framework information disclosure
     from 2.5.6.SEC03 on upstream maintenance repository (Closes: #677814):
     - d/patches/CVE-2011-2730.diff: A new context parameter has been added
       called springJspExpressionSupport. When true (the default) the existing
       behaviour of evaluating EL within the tag will be performed. When running
       in an environment where EL support is provided by the container, it is
       strongly recommended that this is set to false
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---
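
The changelog entry above says the fix adds a context parameter, springJspExpressionSupport, that still defaults to true, so installing the updated package does not by itself turn off EL evaluation inside the Spring tags. The following Python script is an added example, not part of the Debian upload or of Spring: it reads a web.xml deployment descriptor and reports whether the parameter is explicitly set to false. The two sample descriptors are constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

PARAM = "springJspExpressionSupport"  # parameter name taken from the changelog

# Constructed sample: parameter absent, so the default (true) applies.
WEB_XML_DEFAULT = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <display-name>demo</display-name>
</web-app>"""

# Constructed sample: the setting the changelog recommends when the
# container already provides EL support.
WEB_XML_HARDENED = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <context-param>
    <param-name>springJspExpressionSupport</param-name>
    <param-value>false</param-value>
  </context-param>
</web-app>"""


def _local(tag):
    """Strip the XML namespace so the check works for any web-app schema version."""
    return tag.rsplit("}", 1)[-1]


def context_params(web_xml_text):
    """Return {param-name: param-value} for every <context-param> in web.xml."""
    root = ET.fromstring(web_xml_text)
    params = {}
    for el in root.iter():
        if _local(el.tag) != "context-param":
            continue
        fields = {_local(c.tag): (c.text or "").strip() for c in el}
        if "param-name" in fields:
            params[fields["param-name"]] = fields.get("param-value", "")
    return params


def el_support_status(web_xml_text):
    """Classify the descriptor: 'unset', 'disabled' or 'enabled'.

    Only an explicit 'false' counts as disabled; any other explicit value is
    reported as 'enabled' so that it gets reviewed (a conservative assumption).
    """
    value = context_params(web_xml_text).get(PARAM)
    if value is None:
        return "unset"  # per the changelog, the default is true
    return "disabled" if value.lower() == "false" else "enabled"


if __name__ == "__main__":
    for name, text in (("default", WEB_XML_DEFAULT), ("hardened", WEB_XML_HARDENED)):
        print(name, el_support_status(text))
```

A result of "unset" or "enabled" on an application whose container already evaluates EL is the case the changelog recommends changing.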