Debian Bug report logs -
#691900
gwt: CVE-2012-4563
Reported by: Moritz Muehlenhoff <jmm@inutil.org>
Date: Wed, 31 Oct 2012 06:51:02 UTC
Severity: grave
Tags: security
Fixed in version 2.4.0-1+rm
Done: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Eucalyptus Maintainers <pkg-eucalyptus-maintainers@lists.alioth.debian.org>:
Bug#691900; Package gwt.
(Wed, 31 Oct 2012 06:51:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Eucalyptus Maintainers <pkg-eucalyptus-maintainers@lists.alioth.debian.org>.
(Wed, 31 Oct 2012 06:51:05 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: gwt
Severity: grave
Tags: security
Justification: user security hole
Please see https://developers.google.com/web-toolkit/release-notes#Release_Notes_2_4_0
under "Security vulnerability in GWT 2.4".
This was assigned CVE-2012-4563
Cheers,
Moritz
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Eucalyptus Maintainers <pkg-eucalyptus-maintainers@lists.alioth.debian.org>:
Bug#691900; Package gwt.
(Thu, 01 Nov 2012 05:42:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Charles Plessy <plessy@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Eucalyptus Maintainers <pkg-eucalyptus-maintainers@lists.alioth.debian.org>.
(Thu, 01 Nov 2012 05:42:03 GMT) (full text, mbox, link).
Message #10 received at 691900@bugs.debian.org (full text, mbox, reply):
Le Wed, Oct 31, 2012 at 07:47:07AM +0100, Moritz Muehlenhoff a écrit :
> Package: gwt
> Severity: grave
> Tags: security
> Justification: user security hole
>
> Please see https://developers.google.com/web-toolkit/release-notes#Release_Notes_2_4_0
> under "Security vulnerability in GWT 2.4".
Hi all,
is there a volunteer to step in ? Otherwise, can I try to solve that bug
by upgrading to 2.5.0 ?
Cheers,
--
Charles
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Eucalyptus Maintainers <pkg-eucalyptus-maintainers@lists.alioth.debian.org>:
Bug#691900; Package gwt.
(Fri, 02 Nov 2012 01:09:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Charles Plessy <plessy@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Eucalyptus Maintainers <pkg-eucalyptus-maintainers@lists.alioth.debian.org>.
(Fri, 02 Nov 2012 01:09:05 GMT) (full text, mbox, link).
Message #15 received at 691900@bugs.debian.org (full text, mbox, reply):
Le Wed, Oct 31, 2012 at 07:47:07AM +0100, Moritz Muehlenhoff a écrit :
> Package: gwt
> Severity: grave
> Tags: security
> Justification: user security hole
>
> Please see https://developers.google.com/web-toolkit/release-notes#Release_Notes_2_4_0
> under "Security vulnerability in GWT 2.4".
>
> This was assigned CVE-2012-4563
Dear Thomas and Java team
In http://bugs.debian.org/684453, you have suggested to transfer the gwt
package under the debian-java umbrella. We agreed, and action was delayed by a
technical problem on the Dpkg side.
It is a bit embarassing to ping you with a grave bug, but if you would like to
take over the package, this is the good moment...
In particular I do not know if the best resolution for this bug is to upgrade
to 2.5.0 or to patch, so I am reluctant to take action by myself, worrying that
I might complicate your work on Gerrit.
Please let me know if I can help,
--
Charles Plessy
Tsurumi, Kanagawa, Japan
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Eucalyptus Maintainers <pkg-eucalyptus-maintainers@lists.alioth.debian.org>:
Bug#691900; Package gwt.
(Fri, 02 Nov 2012 06:45:05 GMT) (full text, mbox, link).
Acknowledgement sent
to thomas@koch.ro:
Extra info received and forwarded to list. Copy sent to Debian Eucalyptus Maintainers <pkg-eucalyptus-maintainers@lists.alioth.debian.org>.
(Fri, 02 Nov 2012 06:45:05 GMT) (full text, mbox, link).
Message #20 received at 691900@bugs.debian.org (full text, mbox, reply):
Charles Plessy:
> Dear Thomas and Java team
>
> In http://bugs.debian.org/684453, you have suggested to transfer the gwt
> package under the debian-java umbrella. We agreed, and action was delayed
> by a technical problem on the Dpkg side.
>
> It is a bit embarassing to ping you with a grave bug, but if you would like
> to take over the package, this is the good moment...
>
> In particular I do not know if the best resolution for this bug is to
> upgrade to 2.5.0 or to patch, so I am reluctant to take action by myself,
> worrying that I might complicate your work on Gerrit.
Hi Charles,
thank you for pinging me. I've just spend three days on Debian work. Could you
deal with it by updating to 2.5.0 and also set the maintainer to the java
packaging team?
There's also a Git repo at
http://anonscm.debian.org/gitweb/?p=pkg-java/gwt.git
The branch thkoch_patches contains commits to publish the maven artifacts.
I've also filled a bug at Gerrit and asked them to update to gwt 2.5
Regards,
Thomas Koch, http://www.koch.ro
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Eucalyptus Maintainers <pkg-eucalyptus-maintainers@lists.alioth.debian.org>:
Bug#691900; Package gwt.
(Sat, 03 Nov 2012 13:27:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Charles Plessy <plessy@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Eucalyptus Maintainers <pkg-eucalyptus-maintainers@lists.alioth.debian.org>.
(Sat, 03 Nov 2012 13:27:03 GMT) (full text, mbox, link).
Message #25 received at 691900@bugs.debian.org (full text, mbox, reply):
Le Fri, Nov 02, 2012 at 07:43:19AM +0100, Thomas Koch a écrit :
> Charles Plessy:
> >
> > In particular I do not know if the best resolution for this bug is to
> > upgrade to 2.5.0 or to patch, so I am reluctant to take action by myself,
> > worrying that I might complicate your work on Gerrit.
>
> Hi Charles,
>
> thank you for pinging me. I've just spend three days on Debian work. Could you
> deal with it by updating to 2.5.0 and also set the maintainer to the java
> packaging team?
Hi Thomas,
I have updated the source package to 2.5.0 (checked copyrights, refreshed the
patches), but unfortunately it does not build. I suppose that some ground work
is needed on the Java side, but I am not able to do it.
I committed all my changes to the Git repository.
Cheers,
--
Charles
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Eucalyptus Maintainers <pkg-eucalyptus-maintainers@lists.alioth.debian.org>:
Bug#691900; Package gwt.
(Wed, 21 Nov 2012 09:15:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Debian Eucalyptus Maintainers <pkg-eucalyptus-maintainers@lists.alioth.debian.org>.
(Wed, 21 Nov 2012 09:15:04 GMT) (full text, mbox, link).
Message #30 received at 691900@bugs.debian.org (full text, mbox, reply):
On Sat, Nov 03, 2012 at 10:23:18PM +0900, Charles Plessy wrote:
> Le Fri, Nov 02, 2012 at 07:43:19AM +0100, Thomas Koch a écrit :
> > Charles Plessy:
> > >
> > > In particular I do not know if the best resolution for this bug is to
> > > upgrade to 2.5.0 or to patch, so I am reluctant to take action by myself,
> > > worrying that I might complicate your work on Gerrit.
> >
> > Hi Charles,
> >
> > thank you for pinging me. I've just spend three days on Debian work. Could you
> > deal with it by updating to 2.5.0 and also set the maintainer to the java
> > packaging team?
>
> Hi Thomas,
>
> I have updated the source package to 2.5.0 (checked copyrights, refreshed the
> patches), but unfortunately it does not build. I suppose that some ground work
> is needed on the Java side, but I am not able to do it.
>
> I committed all my changes to the Git repository.
Please note that the initial fix was incomplete, CVE-2012-5920 was assigned for
that: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5920
Cheers,
Moritz
Reply sent
to Debian FTP Masters <ftpmaster@ftp-master.debian.org>:
You have taken responsibility.
(Fri, 09 Aug 2013 06:54:30 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer.
(Fri, 09 Aug 2013 06:54:30 GMT) (full text, mbox, link).
Message #35 received at 691900-done@bugs.debian.org (full text, mbox, reply):
Version: 2.4.0-1+rm
Dear submitter,
as the package gwt has just been removed from the Debian archive
unstable we hereby close the associated bug reports. We are sorry
that we couldn't deal with your issue properly.
For details on the removal, please see http://bugs.debian.org/718911
The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.
This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmaster@ftp-master.debian.org.
Debian distribution maintenance software
pp.
Ansgar Burchardt (the ftpmaster behind the curtain)
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Fri, 06 Sep 2013 07:25:29 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Sat Jul 1 13:56:47 2023;
Machine Name:
bembo
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.