File: changelog

package info (click to toggle)
libjettison-java 1.5.4-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 644 kB
  • sloc: java: 7,592; xml: 206; makefile: 2
file content (129 lines) | stat: -rw-r--r-- 4,549 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
 
libjettison-java (1.5.4-1) unstable; urgency=medium

  * Team upload.
  * New upstream version 1.5.4 (Closes: #1033846)
    - Fix CVE-2023-1436 - Infinite recursion in Jettison leads
      to denial of service when creating a crafted JSONArray

 -- tony mancill <tmancill@debian.org>  Sun, 11 Jun 2023 15:38:24 -0700

libjettison-java (1.5.3-1) unstable; urgency=high

  * Team upload.
  * New upstream version 1.5.3.
    - Fix CVE-2022-40150, CVE-2022-45685, CVE-2022-45693:
      denial of service via stack overflow / out of memory
      (Closes: #1022553)
  * Declare compliance with Debian Policy 4.6.2.

 -- Markus Koschany <apo@debian.org>  Sat, 31 Dec 2022 11:18:53 +0100

libjettison-java (1.5.1-1) unstable; urgency=medium

  * Team upload.
  * New upstream version 1.5.1.
  * Fix CVE-2022-40149:
    It was discovered that libjettison-java, a collection of StAX parsers and
    writers for JSON, was vulnerable to a denial-of-service attack, if the
    attacker provided untrusted XML or JSON data. (Closes: #1022554)

 -- Markus Koschany <apo@debian.org>  Thu, 10 Nov 2022 01:09:07 +0100

libjettison-java (1.4.1-1) unstable; urgency=medium

  * Team upload.
  * New upstream release
  * Standards-Version updated to 4.5.1
  * Switch to debhelper level 13
  * Use salsa.debian.org Vcs-* URLs

 -- Emmanuel Bourg <ebourg@apache.org>  Mon, 18 Jan 2021 00:14:42 +0100

libjettison-java (1.4.0-1) unstable; urgency=medium

  * Team upload.
  * New upstream release
    - Build with Maven instead of Ant
    - Fixed the compatibility with the bundle plugin in Debian
  * Build with the DH sequencer instead of CDBS
  * Moved the package to Git
  * Standards-Version updated to 4.1.4
  * Switch to debhelper level 11
  * Track and download the new releases from GitHub
  * Converted debian/copyright to the Copyright Format 1.0

 -- Emmanuel Bourg <ebourg@apache.org>  Fri, 20 Apr 2018 16:28:48 +0200

libjettison-java (1.2-3) unstable; urgency=low

  * Team upload.
  * Install Maven artifacts (Closes: #620049).
    Thanks to James Page <james.page@canonical.com> :
    - debian/control: Add maven-repo-helper to Build-Depends.
    - debian/rules: Use mh_installpom and mh_installjar instead of
      install/dh_link.
    - debian/pom.xml: Downloaded POM for Maven.
    - debian/maven.rules: Force installed POM to use "jar" packaging.
  * Update Standards-Version: 3.9.1 (no changes needed).
  * Bump Debhelper compat level to 7 (and update B-D).
  * Drop Depends on a JRE since it's a library package.

 -- Damien Raude-Morvan <drazzib@debian.org>  Wed, 30 Mar 2011 01:22:27 +0200

libjettison-java (1.2-2) unstable; urgency=low

  * Update copyright file because the json code uses the Apache license now. It
    is based on an older public domain implementation of the JSON.org library.
    (Closes: #585469)

 -- Torsten Werner <twerner@debian.org>  Thu, 10 Jun 2010 20:17:19 +0200

libjettison-java (1.2-1) unstable; urgency=low

  * New upstream version.
  * Merge changes from Ubuntu.
  * Switch to source format 3.0.
  * Update Standards-Version: 3.8.4.
  * Switch back to source and target version 1.5 because upstream uses Java 5
    features.

 -- Torsten Werner <twerner@debian.org>  Sat, 08 May 2010 17:52:11 +0200

libjettison-java (1.1-1ubuntu2) karmic; urgency=low

  * debian/build.xml: Build java2-compatible code to match JRE dependency
  * debian/control: Drop java1-runtime-headless ORed dependency

 -- Thierry Carrez <thierry.carrez@ubuntu.com>  Tue, 25 Aug 2009 15:08:56 +0200

libjettison-java (1.1-1ubuntu1) karmic; urgency=low

  * debian/control: Runtime dependency on -headless JREs (LP: #387884)
  * debian/control, debian/rules: Build-depend on default-jdk

 -- Thierry Carrez <thierry.carrez@ubuntu.com>  Fri, 03 Jul 2009 15:05:02 +0200

libjettison-java (1.1-1) unstable; urgency=low

  * Updated watch file.
  * New upstream release
  * Add missing Depends: ${misc:Depends}.
  * Bump up Standards-Version: 3.8.1 (no changes).
  * Change Section: java.
  * Fix downloading of orig tarball.
  * Do no longer quote the full text of the Apache license in debian/copyright.

 -- Torsten Werner <twerner@debian.org>  Tue, 19 May 2009 22:43:46 +0200

libjettison-java (1.0-1) unstable; urgency=low

  * new upstream release
  * Change Standards-Version: 3.7.3 (no changes).

 -- Torsten Werner <twerner@debian.org>  Sat, 08 Mar 2008 10:38:47 +0100

libjettison-java (1.0~RC2-1) unstable; urgency=low

  * initial version (Closes: #453111)

 -- Torsten Werner <twerner@debian.org>  Sat, 24 Nov 2007 00:01:40 +0100