libjettison-java (1.5.3-1~deb10u1) buster-security; urgency=high

  * Team upload.
  * Fix CVE-2022-40150, CVE-2022-45685, CVE-2022-45693:
    denial of service via stack overflow / out of memory

 -- Markus Koschany <apo@debian.org>  Sat, 31 Dec 2022 11:36:13 +0100

libjettison-java (1.5.3-1) unstable; urgency=high

  * Team upload.
  * New upstream version 1.5.3.
    - Fix CVE-2022-40150, CVE-2022-45685, CVE-2022-45693:
      denial of service via stack overflow / out of memory
      (Closes: #1022553)
  * Declare compliance with Debian Policy 4.6.2.

 -- Markus Koschany <apo@debian.org>  Sat, 31 Dec 2022 11:18:53 +0100

libjettison-java (1.5.1-1) unstable; urgency=medium

  * Team upload.
  * New upstream version 1.5.1.
  * Fix CVE-2022-40149:
    It was discovered that libjettison-java, a collection of StAX parsers and
    writers for JSON, was vulnerable to a denial-of-service attack, if the
    attacker provided untrusted XML or JSON data. (Closes: #1022554)

 -- Markus Koschany <apo@debian.org>  Thu, 10 Nov 2022 01:09:07 +0100

libjettison-java (1.4.1-1) unstable; urgency=medium

  * Team upload.
  * New upstream release
  * Standards-Version updated to 4.5.1
  * Switch to debhelper level 13
  * Use salsa.debian.org Vcs-* URLs

 -- Emmanuel Bourg <ebourg@apache.org>  Mon, 18 Jan 2021 00:14:42 +0100

libjettison-java (1.4.0-1) unstable; urgency=medium

  * Team upload.
  * New upstream release
    - Build with Maven instead of Ant
    - Fixed the compatibility with the bundle plugin in Debian
  * Build with the DH sequencer instead of CDBS
  * Moved the package to Git
  * Standards-Version updated to 4.1.4
  * Switch to debhelper level 11
  * Track and download the new releases from GitHub
  * Converted debian/copyright to the Copyright Format 1.0

 -- Emmanuel Bourg <ebourg@apache.org>  Fri, 20 Apr 2018 16:28:48 +0200

libjettison-java (1.2-3) unstable; urgency=low

  * Team upload.
  * Install Maven artifacts (Closes: #620049).
    Thanks to James Page <james.page@canonical.com> :
    - debian/control: Add maven-repo-helper to Build-Depends.
    - debian/rules: Use mh_installpom and mh_installjar instead of
      install/dh_link.
    - debian/pom.xml: Downloaded POM for Maven.
    - debian/maven.rules: Force installed POM to use "jar" packaging.
  * Update Standards-Version: 3.9.1 (no changes needed).
  * Bump Debhelper compat level to 7 (and update B-D).
  * Drop Depends on a JRE since it's a library package.

 -- Damien Raude-Morvan <drazzib@debian.org>  Wed, 30 Mar 2011 01:22:27 +0200

libjettison-java (1.2-2) unstable; urgency=low

  * Update copyright file because the json code uses the Apache license now. It
    is based on an older public domain implementation of the JSON.org library.
    (Closes: #585469)

 -- Torsten Werner <twerner@debian.org>  Thu, 10 Jun 2010 20:17:19 +0200

libjettison-java (1.2-1) unstable; urgency=low

  * New upstream version.
  * Merge changes from Ubuntu.
  * Switch to source format 3.0.
  * Update Standards-Version: 3.8.4.
  * Switch back to source and target version 1.5 because upstream uses Java 5
    features.

 -- Torsten Werner <twerner@debian.org>  Sat, 08 May 2010 17:52:11 +0200

libjettison-java (1.1-1ubuntu2) karmic; urgency=low

  * debian/build.xml: Build java2-compatible code to match JRE dependency
  * debian/control: Drop java1-runtime-headless ORed dependency

 -- Thierry Carrez <thierry.carrez@ubuntu.com>  Tue, 25 Aug 2009 15:08:56 +0200

libjettison-java (1.1-1ubuntu1) karmic; urgency=low

  * debian/control: Runtime dependency on -headless JREs (LP: #387884)
  * debian/control, debian/rules: Build-depend on default-jdk

 -- Thierry Carrez <thierry.carrez@ubuntu.com>  Fri, 03 Jul 2009 15:05:02 +0200

libjettison-java (1.1-1) unstable; urgency=low

  * Updated watch file.
  * New upstream release
  * Add missing Depends: ${misc:Depends}.
  * Bump up Standards-Version: 3.8.1 (no changes).
  * Change Section: java.
  * Fix downloading of orig tarball.
  * Do no longer quote the full text of the Apache license in debian/copyright.

 -- Torsten Werner <twerner@debian.org>  Tue, 19 May 2009 22:43:46 +0200

libjettison-java (1.0-1) unstable; urgency=low

  * new upstream release
  * Change Standards-Version: 3.7.3 (no changes).

 -- Torsten Werner <twerner@debian.org>  Sat, 08 Mar 2008 10:38:47 +0100

libjettison-java (1.0~RC2-1) unstable; urgency=low

  * initial version (Closes: #453111)

 -- Torsten Werner <twerner@debian.org>  Sat, 24 Nov 2007 00:01:40 +0100