Your message dated Wed, 01 Oct 2014 03:23:59 +0000 with message-id <e1xzawf-0001sq...@franck.debian.org> and subject line Bug#758972: fixed in mojarra 2.2.8-1 has caused the Debian Bug report #758972, regarding Please remove mojarra to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 758972: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=758972 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: mojarra Version: 2.0.3-3 Severity: critical Tags: security Please remove mojarra source package from Debian as it has been unmaintained and contains several unfixed security vulnerabilities with no replies from maintainer. https://packages.debian.org/source/sid/mojarra http://packages.qa.debian.org/m/mojarra.html https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=mojarra CVE-2012-2672: https://bugs.debian.org/677194 Jun 2012 CVE-2013-5855: https://bugs.debian.org/740586 Mar 2014 Moritz commented to this in private email: """ Unmaintained packages should be removed, but spring build-depends on one of the libs from mojarra: jmm@pisco:~$ build-rdeps libjsf-api-java Reverse Build-depends in main: ------------------------------ libspring-java So it needs to be checked whether that can be dropped from Spring. """ If maintainer shows some activity I could help to get these issues fixed. --- Henri Salo
signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---Source: mojarra Source-Version: 2.2.8-1 We believe that the bug you reported is fixed in the latest version of mojarra, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 758...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Miguel Landaeta <nomad...@debian.org> (supplier of updated mojarra package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 30 Sep 2014 22:37:55 -0300 Source: mojarra Binary: libjsf-api-java libjsf-java-doc Architecture: source all Version: 2.2.8-1 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers <pkg-java-maintain...@lists.alioth.debian.org> Changed-By: Miguel Landaeta <nomad...@debian.org> Description: libjsf-api-java - JavaServer Faces 2.2 Java EE web framework - API libjsf-java-doc - Documentation for libjsf-api-java Closes: 677194 738110 740586 749206 758972 759163 759634 Changes: mojarra (2.2.8-1) unstable; urgency=medium . [ Markus Koschany ] * New upstream release. (Closes: #758972, #759163). This fixes the following security issues: - CVE-2013-5855. (Closes: #740586). - CVE-2012-2672. (Closes: #677194). * Drop B-D on libtomcat6-java. (Closes: #749206, #759634). * Update copyright file. * Wrap and sort fields in d/control. * Add README.source. . [ Miguel Landaeta ] * Update my maintainer email address. * Switch build tool to Javahelper. * Drop libjsf-impl-java package. Reason: it can't be built with software available in the archive. * Provide Maven artifacts. (Closes: #738110). * Bump Standards-Version to 3.9.6. No changes were required. * Replace dependencies on libservlet2.5-java with libservlet3.0-java. Checksums-Sha1: 81fb42612a7bde6d0c003625f5c8ab7aaf71f102 2389 mojarra_2.2.8-1.dsc e9b06693705bb092ca186dd0b768aeb7afb9f3af 691636 mojarra_2.2.8.orig.tar.xz 922e906c155feb9c59186ceeafe72c55dddeae22 12872 mojarra_2.2.8-1.debian.tar.xz d8f45d7ffd71366e383551398729bd5b646b6487 573254 libjsf-api-java_2.2.8-1_all.deb e44af95025080b27112795a082582e2dab57717e 539620 libjsf-java-doc_2.2.8-1_all.deb Checksums-Sha256: 102a7b12d5da049564f24f5075717c895d61723bf955ebfddb3efeafef034ce8 2389 mojarra_2.2.8-1.dsc 87664bb6b29489ea938109152f174c687f5db6bda242e7204a2b5da777e6c7cd 691636 mojarra_2.2.8.orig.tar.xz 46ee91c594eb8186706b45a094a40ff3112fef9540ce436c43d63ce4a293d7b8 12872 mojarra_2.2.8-1.debian.tar.xz 9e2fd02f97885a97135cbb62398d00b9f8a5514d82e847841b8387117478a532 573254 libjsf-api-java_2.2.8-1_all.deb a84fa09bfc6b1cfaf90059005e5e8e857cb5fce5e69c6084a73db806690e3ebd 539620 libjsf-java-doc_2.2.8-1_all.deb Files: ee2f71e1d5761099f9a248ddf86ab74e 573254 java optional libjsf-api-java_2.2.8-1_all.deb 765566bd7bd533d899ea086fafaa1dfe 539620 doc optional libjsf-java-doc_2.2.8-1_all.deb 0ce0aa092f8036faf99ebc6d754e5c61 2389 java optional mojarra_2.2.8-1.dsc 2eb03d031e2baba1afe9351e5c2181d3 691636 java optional mojarra_2.2.8.orig.tar.xz 958a5fc89211c191ef7a32e91dcc52ce 12872 java optional mojarra_2.2.8-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJUK2iNAAoJEGIODQuJV82l+swQALUXMeF7us+y43d6/+FnZTj2 8Gor4ScJGG+NCW6rcDB+pMbuJsjbDUKfs6/vRx68JE3SAgU0RYD36RYw22mltfyW 96EQlA6S/y3AVjtsZk2hqQTsQvRypVpRwkAfDiWbjnBTCTSVjnR8vOwzLesW8DL6 KjLArFPdDwXUSgvA9Ak/c6pJ90aFLMxJvgqiG0eXv528wkqnCsiQqPm7OZSmCMx5 tRhyAYoGKNQX8uiuQSmaP6VG/6sQp4xGDnYQFLKMkFfx6tVxXFaz80e1ca4BghsB 34oRWtlyK6GMZii7NxYMvF5TsWdDRU8YajUOB/CZYrT+2ihaRfYcK+kAN3zzCncB ZPOld/Cx31WY5KPeZrqFL/ayGupdmb3OZxcgIjoHjEUVl56nY0tT7uOLdfV52Oc8 6GzkgPVbiuGsYxXPBzz9FYG+3lqRCIpOXvzV4GebWnzXftc5ZaGX0YyGOxZ19x9U yclbjda7ZDWKft+pT+N4udTLA1tvY1WBt7zoD5/gNr/SPNeVo27mJncd3vhn5YSd SoUhRcGrPPofejSy/w6BslFAarA7iAXkq/2Gxz7FRDlB/pBzg9kMEkK2yyN65DAc 2F404c/nbMwTw0MdwRgn8UxLs8/1yzE0bcXlEJ7Els9E3EcCIayrnrJ0xAIQw+Sw Wf5Pac1IH6/99wwgZGWq =EGZP -----END PGP SIGNATURE-----
--- End Message ---
