libjettison-java (1.5.4-1) unstable; urgency=medium * Team upload. * New upstream version 1.5.4 (Closes: #1033846) - Fix CVE-2023-1436 - Infinite recursion in Jettison leads to denial of service when creating a crafted JSONArray -- tony mancill Sun, 11 Jun 2023 15:38:24 -0700 libjettison-java (1.5.3-1) unstable; urgency=high * Team upload. * New upstream version 1.5.3. - Fix CVE-2022-40150, CVE-2022-45685, CVE-2022-45693: denial of service via stack overflow / out of memory (Closes: #1022553) * Declare compliance with Debian Policy 4.6.2. -- Markus Koschany Sat, 31 Dec 2022 11:18:53 +0100 libjettison-java (1.5.1-1) unstable; urgency=medium * Team upload. * New upstream version 1.5.1. * Fix CVE-2022-40149: It was discovered that libjettison-java, a collection of StAX parsers and writers for JSON, was vulnerable to a denial-of-service attack, if the attacker provided untrusted XML or JSON data. (Closes: #1022554) -- Markus Koschany Thu, 10 Nov 2022 01:09:07 +0100 libjettison-java (1.4.1-1) unstable; urgency=medium * Team upload. * New upstream release * Standards-Version updated to 4.5.1 * Switch to debhelper level 13 * Use salsa.debian.org Vcs-* URLs -- Emmanuel Bourg Mon, 18 Jan 2021 00:14:42 +0100 libjettison-java (1.4.0-1) unstable; urgency=medium * Team upload. * New upstream release - Build with Maven instead of Ant - Fixed the compatibility with the bundle plugin in Debian * Build with the DH sequencer instead of CDBS * Moved the package to Git * Standards-Version updated to 4.1.4 * Switch to debhelper level 11 * Track and download the new releases from GitHub * Converted debian/copyright to the Copyright Format 1.0 -- Emmanuel Bourg Fri, 20 Apr 2018 16:28:48 +0200 libjettison-java (1.2-3) unstable; urgency=low * Team upload. * Install Maven artifacts (Closes: #620049). Thanks to James Page : - debian/control: Add maven-repo-helper to Build-Depends. - debian/rules: Use mh_installpom and mh_installjar instead of install/dh_link. - debian/pom.xml: Downloaded POM for Maven. - debian/maven.rules: Force installed POM to use "jar" packaging. * Update Standards-Version: 3.9.1 (no changes needed). * Bump Debhelper compat level to 7 (and update B-D). * Drop Depends on a JRE since it's a library package. -- Damien Raude-Morvan Wed, 30 Mar 2011 01:22:27 +0200 libjettison-java (1.2-2) unstable; urgency=low * Update copyright file because the json code uses the Apache license now. It is based on an older public domain implementation of the JSON.org library. (Closes: #585469) -- Torsten Werner Thu, 10 Jun 2010 20:17:19 +0200 libjettison-java (1.2-1) unstable; urgency=low * New upstream version. * Merge changes from Ubuntu. * Switch to source format 3.0. * Update Standards-Version: 3.8.4. * Switch back to source and target version 1.5 because upstream uses Java 5 features. -- Torsten Werner Sat, 08 May 2010 17:52:11 +0200 libjettison-java (1.1-1ubuntu2) karmic; urgency=low * debian/build.xml: Build java2-compatible code to match JRE dependency * debian/control: Drop java1-runtime-headless ORed dependency -- Thierry Carrez Tue, 25 Aug 2009 15:08:56 +0200 libjettison-java (1.1-1ubuntu1) karmic; urgency=low * debian/control: Runtime dependency on -headless JREs (LP: #387884) * debian/control, debian/rules: Build-depend on default-jdk -- Thierry Carrez Fri, 03 Jul 2009 15:05:02 +0200 libjettison-java (1.1-1) unstable; urgency=low * Updated watch file. * New upstream release * Add missing Depends: ${misc:Depends}. * Bump up Standards-Version: 3.8.1 (no changes). * Change Section: java. * Fix downloading of orig tarball. * Do no longer quote the full text of the Apache license in debian/copyright. -- Torsten Werner Tue, 19 May 2009 22:43:46 +0200 libjettison-java (1.0-1) unstable; urgency=low * new upstream release * Change Standards-Version: 3.7.3 (no changes). -- Torsten Werner Sat, 08 Mar 2008 10:38:47 +0100 libjettison-java (1.0~RC2-1) unstable; urgency=low * initial version (Closes: #453111) -- Torsten Werner Sat, 24 Nov 2007 00:01:40 +0100