Your message dated Sat, 07 May 2016 21:52:01 +0000
with message-id <e1aza8n-0007gw...@franck.debian.org>
and subject line Bug#823703: fixed in jackson-dataformat-xml 2.7.4-1
has caused the Debian Bug report #823703,
regarding CVE-2016-3720
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
823703: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823703
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: jackson-dataformat-xml
Severity: grave
Tags: security
jackson-dataformat-xml is susceptible to XXE attacks; this was
assigned CVE-2016-3720. Fix is here:
https://github.com/FasterXML/jackson-dataformat-xml/commit/f0f19a4c924d9db9a1e2830434061c8640092cc0
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: jackson-dataformat-xml
Source-Version: 2.7.4-1
We believe that the bug you reported is fixed in the latest version of
jackson-dataformat-xml, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 823...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Emmanuel Bourg <ebo...@apache.org> (supplier of updated jackson-dataformat-xml package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 07 May 2016 23:38:14 +0200
Source: jackson-dataformat-xml
Binary: libjackson2-dataformat-xml-java libjackson2-dataformat-xml-java-doc
Architecture: source all
Version: 2.7.4-1
Distribution: unstable
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintain...@lists.alioth.debian.org>
Changed-By: Emmanuel Bourg <ebo...@apache.org>
Description:
libjackson2-dataformat-xml-java - fast and powerful JSON library for Java -- XML dataformat
libjackson2-dataformat-xml-java-doc - Documentation for Jackson-dataformat-XML
Closes: 823703
Changes:
jackson-dataformat-xml (2.7.4-1) unstable; urgency=high
.
* Team upload.
* New upstream release
- Fixes CVE-2016-3720: XXE vulnerability in XmlMapper (Closes: #823703)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---