Debian Bug report logs - #720902
libspring-java: CVE-2013-4152


Package: libspring-java; Maintainer for libspring-java is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>;

Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Mon, 26 Aug 2013 06:51:02 UTC

Severity: grave

Tags: security

Found in version 3.0.6.RELEASE-6

Fixed in versions libspring-java/3.0.6.RELEASE-10, libspring-java/3.0.6.RELEASE-6+deb7u1

Done: Markus Koschany <apo@gambaru.de>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>:
Bug#720902; Package libspring-java. (Mon, 26 Aug 2013 06:51:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>. (Mon, 26 Aug 2013 06:51:06 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libspring-java: CVE-2013-4152
Date: Mon, 26 Aug 2013 08:42:55 +0200
Package: libspring-java
Severity: grave
Tags: security
Justification: user security hole

Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4152 for details.

Cheers,
        Moritz



Information forwarded to debian-bugs-dist@lists.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>:
Bug#720902; Package libspring-java. (Sat, 07 Dec 2013 12:09:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Markus Koschany <apo@gambaru.de>:
Extra info received and forwarded to list. Copy sent to Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>. (Sat, 07 Dec 2013 12:09:05 GMT) Full text and rfc822 format available.

Message #10 received at 720902@bugs.debian.org (full text, mbox):

From: Markus Koschany <apo@gambaru.de>
To: security@rt.debian.org
Cc: debian-java@lists.debian.org, 720902@bugs.debian.org
Subject: Debian RT: CVE-2013-4152 XML External Entity (XXE) injection in Spring Framework
Date: Sat, 07 Dec 2013 13:07:14 +0100
[Message part 1 (text/plain, inline)]
Dear security team,

I have prepared a new version of libspring-java to fix CVE-2013-4152
(#720902) by backporting the related upstream patch [1]. I'm attaching
the debdiff against the version of libspring-java in stable. You can
also find an updated package at mentors.debian.net for an initial
review. [2]

Please let me know if the changes qualify for a stable-security release.
The affected libspring-oxm-java binary package has no further
reverse-dependencies. The problem type is local and remote. It is
possible to conduct DDoS attacks via XXE injections. Please refer to the
full disclosure (References) for additional information.

Description
===========

The Spring OXM wrapper did not expose any property for disabling entity
resolution when using the JAXB unmarshaller. There are four possible
source implementations passed to the unmarshaller:

    DOMSource
    StAXSource
    SAXSource
    StreamSource

For a DOMSource, the XML has already been parsed by user code and that
code is responsible for protecting against XXE.

For a StAXSource, the XMLStreamReader has already been created by user
code and that code is responsible for protecting against XXE.

For SAXSource and StreamSource instances, Spring processed external
entities by default thereby creating this vulnerability.

The issue was resolved by disabling external entity processing by
default and adding an option to enable it for those users that need to
use this feature when processing XML from a trusted source.

It was also identified that Spring MVC processed user provided XML with
JAXB in combination with a StAX XMLInputFactory without disabling
external entity resolution. External entity resolution has been disabled
in this case.

References
==========

http://seclists.org/bugtraq/2013/Aug/154
http://seclists.org/fulldisclosure/2013/Nov/14
http://www.gopivotal.com/security/cve-2013-4152

Regards,

Markus


[1] https://github.com/SpringSource/spring-framework/pull/317
[2]
http://mentors.debian.net/debian/pool/main/libs/libspring-java/libspring-java_3.0.6.RELEASE-6+deb7u1.dsc
[libspring-java.debdiff (text/plain, attachment)]
[signature.asc (application/pgp-signature, attachment)]
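
The SAXSource/StreamSource behaviour described in the message above, as an added example (it is not the upstream patch, the Debian patch, or Spring's code). The class `ExternalEntityDemo` and the helpers `harden` and `textOf` are hypothetical names, a plain SAX `ContentHandler` stands in for the JAXB unmarshaller so that only JDK classes are needed, and the temporary file and XML document are constructed sample input.

```java
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import javax.xml.parsers.SAXParserFactory;
import javax.xml.transform.Source;
import javax.xml.transform.sax.SAXSource;
import javax.xml.transform.stream.StreamSource;
import org.xml.sax.InputSource;
import org.xml.sax.XMLReader;
import org.xml.sax.helpers.DefaultHandler;

public class ExternalEntityDemo {
    // Standard SAX2 feature names.
    static final String EXT_GENERAL = "http://xml.org/sax/features/external-general-entities";
    static final String EXT_PARAMETER = "http://xml.org/sax/features/external-parameter-entities";

    static XMLReader newReader() throws Exception {
        SAXParserFactory factory = SAXParserFactory.newInstance();
        factory.setNamespaceAware(true);
        return factory.newSAXParser().getXMLReader();
    }

    // Hypothetical helper: a StreamSource is wrapped in a SAXSource, and the
    // SAXSource's reader is told whether to load external entities.
    // DOMSource and StAXSource are returned untouched: their parsing is the caller's job.
    static Source harden(Source source, boolean processExternalEntities) throws Exception {
        if (source instanceof StreamSource) {
            StreamSource stream = (StreamSource) source;
            InputSource input = new InputSource(stream.getInputStream());
            input.setCharacterStream(stream.getReader());
            input.setSystemId(stream.getSystemId());
            input.setPublicId(stream.getPublicId());
            source = new SAXSource(input);
        }
        if (source instanceof SAXSource) {
            SAXSource sax = (SAXSource) source;
            if (sax.getXMLReader() == null) {
                sax.setXMLReader(newReader());
            }
            sax.getXMLReader().setFeature(EXT_GENERAL, processExternalEntities);
            sax.getXMLReader().setFeature(EXT_PARAMETER, processExternalEntities);
        }
        return source;
    }

    // Stand-in for unmarshaller.unmarshal(source): collects the character data the parser delivers.
    static String textOf(SAXSource source) throws Exception {
        StringBuilder text = new StringBuilder();
        XMLReader reader = source.getXMLReader();
        reader.setContentHandler(new DefaultHandler() {
            @Override
            public void characters(char[] ch, int start, int length) {
                text.append(ch, start, length);
            }
        });
        reader.parse(source.getInputSource());
        return text.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a local file created by this program, referenced as an external entity.
        Path local = Files.createTempFile("entity-demo", ".txt");
        Files.write(local, "CONSTRUCTED-LOCAL-CONTENT".getBytes(StandardCharsets.UTF_8));
        String xml = "<!DOCTYPE order [<!ENTITY ext SYSTEM \"" + local.toUri() + "\">]>"
                + "<order><note>&ext;</note></order>";
        try {
            for (boolean process : new boolean[] {true, false}) {
                Source source = harden(new StreamSource(new StringReader(xml)), process);
                String text = textOf((SAXSource) source);
                System.out.println("processExternalEntities=" + process
                        + " -> file content reached the application: "
                        + text.contains("CONSTRUCTED-LOCAL-CONTENT"));
            }
        } finally {
            Files.deleteIfExists(local);
        }
    }
}
```

With the feature off, the parser still accepts the DOCTYPE and expands internal entities, so entity-expansion limits remain a separate control.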

Reply sent to Markus Koschany <apo@gambaru.de>:
You have taken responsibility. (Mon, 30 Dec 2013 15:22:21 GMT) Full text and rfc822 format available.

Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Mon, 30 Dec 2013 15:22:21 GMT) Full text and rfc822 format available.

Message #15 received at 720902-close@bugs.debian.org (full text, mbox):

From: Markus Koschany <apo@gambaru.de>
To: 720902-close@bugs.debian.org
Subject: Bug#720902: fixed in libspring-java 3.0.6.RELEASE-10
Date: Mon, 30 Dec 2013 15:21:14 +0000
Source: libspring-java
Source-Version: 3.0.6.RELEASE-10

We believe that the bug you reported is fixed in the latest version of
libspring-java, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 720902@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Koschany <apo@gambaru.de> (supplier of updated libspring-java package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 29 Dec 2013 13:24:03 +0100
Source: libspring-java
Binary: libspring-core-java libspring-beans-java libspring-aop-java libspring-context-java libspring-context-support-java libspring-web-java libspring-web-servlet-java libspring-web-struts-java libspring-web-portlet-java libspring-test-java libspring-transaction-java libspring-jdbc-java libspring-jms-java libspring-orm-java libspring-expression-java libspring-oxm-java libspring-instrument-java
Architecture: source all
Version: 3.0.6.RELEASE-10
Distribution: unstable
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@gambaru.de>
Description: 
 libspring-aop-java - modular Java/J2EE application framework - AOP
 libspring-beans-java - modular Java/J2EE application framework - Beans
 libspring-context-java - modular Java/J2EE application framework - Context
 libspring-context-support-java - modular Java/J2EE application framework - Context Support
 libspring-core-java - modular Java/J2EE application framework - Core
 libspring-expression-java - modular Java/J2EE application framework - Expression language
 libspring-instrument-java - modular Java/J2EE application framework - Instrumentation
 libspring-jdbc-java - modular Java/J2EE application framework - JDBC tools
 libspring-jms-java - modular Java/J2EE application framework - JMS tools
 libspring-orm-java - modular Java/J2EE application framework - ORM tools
 libspring-oxm-java - modular Java/J2EE application framework - Object/XML Mapping
 libspring-test-java - modular Java/J2EE application framework - Test helpers
 libspring-transaction-java - modular Java/J2EE application framework - transaction
 libspring-web-java - modular Java/J2EE application framework - Web
 libspring-web-portlet-java - modular Java/J2EE application framework - Portlet MVC
 libspring-web-servlet-java - modular Java/J2EE application framework - Web Portlet
 libspring-web-struts-java - modular Java/J2EE application framework - Struts MVC
Closes: 720902
Changes: 
 libspring-java (3.0.6.RELEASE-10) unstable; urgency=high
 .
   * Team upload.
   * Fix CVE-2013-4152. (Closes: #720902).
    - New patch: Add-processExternalEntities-to-JAXB2Marshaller.patch.
    - Now by default external XML entities are not processed when unmarshalling.
      Processing of external entities will only be enabled/disabled when the
      source passed to the unmarshaller is a SAXSource or StreamSource. It has
      no effect for DOMSource or StAXSource instances.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----




Marked as found in versions 3.0.6.RELEASE-6. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Thu, 02 Jan 2014 09:27:09 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>:
Bug#720902; Package libspring-java. (Mon, 13 Jan 2014 01:39:04 GMT) Full text and rfc822 format available.

Message #20 received at 720902@bugs.debian.org (full text, mbox):

From: "Debian Developer via RT" <rt-comment@rt.debian.org>
To: "OtherRecipients of rt.debian.org Ticket #4815":;
Cc: debian-java@lists.debian.org, 720902@bugs.debian.org, jmm@inutil.org
Subject: [rt.debian.org #4815] CVE-2013-4152 XML External Entity (XXE) injection in Spring
Date: Mon, 13 Jan 2014 01:36:09 +0000
Hi,

Is there any news with this vulnerability fix?

3.0.6.RELEASE-6+deb7u1 was uploaded to security-master a week ago or so.

Cheers,

Miguel.



Reply sent to Markus Koschany <apo@gambaru.de>:
You have taken responsibility. (Tue, 21 Jan 2014 21:21:19 GMT) Full text and rfc822 format available.

Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Tue, 21 Jan 2014 21:21:19 GMT) Full text and rfc822 format available.

Message #25 received at 720902-close@bugs.debian.org (full text, mbox):

From: Markus Koschany <apo@gambaru.de>
To: 720902-close@bugs.debian.org
Subject: Bug#720902: fixed in libspring-java 3.0.6.RELEASE-6+deb7u1
Date: Tue, 21 Jan 2014 21:17:29 +0000
Source: libspring-java
Source-Version: 3.0.6.RELEASE-6+deb7u1

We believe that the bug you reported is fixed in the latest version of
libspring-java, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 720902@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Koschany <apo@gambaru.de> (supplier of updated libspring-java package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 29 Dec 2013 13:21:19 +0100
Source: libspring-java
Binary: libspring-core-java libspring-beans-java libspring-aop-java libspring-context-java libspring-context-support-java libspring-web-java libspring-web-servlet-java libspring-web-struts-java libspring-web-portlet-java libspring-test-java libspring-transaction-java libspring-jdbc-java libspring-jms-java libspring-orm-java libspring-expression-java libspring-oxm-java libspring-instrument-java
Architecture: source all
Version: 3.0.6.RELEASE-6+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@gambaru.de>
Description: 
 libspring-aop-java - modular Java/J2EE application framework - AOP
 libspring-beans-java - modular Java/J2EE application framework - Beans
 libspring-context-java - modular Java/J2EE application framework - Context
 libspring-context-support-java - modular Java/J2EE application framework - Context Support
 libspring-core-java - modular Java/J2EE application framework - Core
 libspring-expression-java - modular Java/J2EE application framework - Expression language
 libspring-instrument-java - modular Java/J2EE application framework - Instrumentation
 libspring-jdbc-java - modular Java/J2EE application framework - JDBC tools
 libspring-jms-java - modular Java/J2EE application framework - JMS tools
 libspring-orm-java - modular Java/J2EE application framework - ORM tools
 libspring-oxm-java - modular Java/J2EE application framework - Object/XML Mapping
 libspring-test-java - modular Java/J2EE application framework - Test helpers
 libspring-transaction-java - modular Java/J2EE application framework - transaction
 libspring-web-java - modular Java/J2EE application framework - Web
 libspring-web-portlet-java - modular Java/J2EE application framework - Portlet MVC
 libspring-web-servlet-java - modular Java/J2EE application framework - Web Portlet
 libspring-web-struts-java - modular Java/J2EE application framework - Struts MVC
Closes: 720902
Changes: 
 libspring-java (3.0.6.RELEASE-6+deb7u1) wheezy-security; urgency=high
 .
   * Team upload.
   * Fix CVE-2013-4152.
     - New patch: Add-processExternalEntities-to-JAXB2Marshaller.patch.
     - Now by default external XML entities are not processed when
       unmarshalling. Processing of external entities will only be
       enabled/disabled when the source passed to the unmarshaller is a
       SAXSource or StreamSource. It has no effect for DOMSource or StAXSource
       instances.
     - (Closes: #720902)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 09 Mar 2014 07:25:13 GMT) Full text and rfc822 format available.



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Mon Apr 21 10:04:30 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.