Debian Package Tracker

general

source: derby (main)
version: 10.14.2.0-1
maintainer: Debian Java Maintainers (archive) [DMD]
uploaders: Emmanuel Bourg [DMD] – Tim Booth [DMD]
arch: all
std-ver: 4.1.4
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 10.10.2.0-1
stable: 10.13.1.1-2
testing: 10.14.2.0-1
unstable: 10.14.2.0-1

versioned links

10.10.2.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
10.13.1.1-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
10.14.2.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

derby-doc
derby-tools
libderby-java
libderbyclient-java

action needed

Does not build reproducibly during testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2018-08-04 Last update: 2018-11-16 10:03

Multiarch hinter reports 3 issue(s) normal

There are issues with the multiarch metadata for this package.

derby-doc could be marked Multi-Arch: foreign
libderby-java could be marked Multi-Arch: foreign
libderbyclient-java could be marked Multi-Arch: foreign

Created: 2016-09-14 Last update: 2018-11-16 09:55

lintian reports 30 warnings normal

Lintian reports 30 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2015-03-04 Last update: 2018-10-28 05:31

1 ignored security issue in stretch low

There is 1 open security issue in stretch.

1 issue skipped by the security teams:

CVE-2018-1313: In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and contents are under the user's control. If the Derby Network Server is not running with a Java Security Manager policy file, the attack is successful. If the server is using a policy file, the policy file must permit the database location to be read for the attack to work. The default Derby Network Server policy file distributed with the affected releases includes a permissive policy as the default Network Server policy, which allows the attack to work.

Please fix it.

Created: 2018-05-05 Last update: 2018-06-15 08:13

2 ignored security issues in jessie low

There are 2 open security issues in jessie.

2 issues skipped by the security teams:

CVE-2015-1832: XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving XmlVTI and the XML datatype.
CVE-2018-1313: In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and contents are under the user's control. If the Derby Network Server is not running with a Java Security Manager policy file, the attack is successful. If the server is using a policy file, the policy file must permit the database location to be read for the attack to work. The default Derby Network Server policy file distributed with the affected releases includes a permissive policy as the default Network Server policy, which allows the attack to work.

Please fix them.

Created: 2018-05-05 Last update: 2018-06-15 08:13

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.2.1 instead of 4.1.4).

Created: 2018-08-20 Last update: 2018-08-26 08:16

news

[rss feed]

[2018-05-22] derby 10.14.2.0-1 MIGRATED to testing (Debian testing watch)
[2018-05-16] Accepted derby 10.14.2.0-1 (source) into unstable (Emmanuel Bourg)
[2017-11-19] derby 10.14.1.0-1 MIGRATED to testing (Debian testing watch)
[2017-11-14] Accepted derby 10.14.1.0-1 (source) into unstable (Emmanuel Bourg)
[2016-12-31] derby 10.13.1.1-2 MIGRATED to testing (Debian testing watch)
[2016-12-20] Accepted derby 10.13.1.1-2 (source all) into unstable (tony mancill)
[2016-11-30] derby 10.13.1.1-1 MIGRATED to testing (Debian testing watch)
[2016-11-24] Accepted derby 10.13.1.1-1 (source all) into unstable (Emmanuel Bourg)
[2016-06-10] derby 10.10.2.0-2 MIGRATED to testing (Debian testing watch)
[2016-06-03] Accepted derby 10.10.2.0-2 (source all) into unstable (Emmanuel Bourg)
[2014-05-02] derby 10.10.2.0-1 MIGRATED to testing (Debian testing watch)
[2014-04-26] Accepted derby 10.10.2.0-1 (source all) (Emmanuel Bourg)
[2013-08-18] derby 10.10.1.1-1 MIGRATED to testing (Debian testing watch)
[2013-08-07] Accepted derby 10.10.1.1-1 (source all) (Emmanuel Bourg)

bugs [bug history graph]

all: 0

links

homepage
lintian (0, 30)
buildd: logs, clang, reproducibility
popcon
browse source code
edit tags
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 10.14.2.0-1