Package: maven Version: 3.0.4-3 Severity: normal Dear Maintainer,
Please upgrade maven to 3.0.5. Upstream recommends against using 3.0.4 due to the following security vulnerability: http://maven.40175.n5.nabble.com /SECURITY-CVE-2013-0253-Apache-Maven-3-0-4-td5748186.html , currently also visible at https://maven.apache.org/security.html . It would be nice to have the safer 3.0.5 version in Wheezy once it goes stable. Thanks and best regards, Luís Picciochi -- System Information: Debian Release: 7.0 APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 3.2.0-4-686-pae (SMP w/2 CPU cores) Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages maven depends on: ii libaether-java 1.13.1-2 ii libcommons-cli-java 1.2-3 ii libcommons-codec-java 1.6-1 ii libcommons-httpclient-java 3.1-10.2 ii libcommons-logging-java 1.1.1-9 ii libguava-java 11.0.2-1 ii libplexus-cipher-java 1.5-4 ii libplexus-classworlds2-java 2.4-1 ii libplexus-containers1.5-java 1.5.5-2 ii libplexus-interpolation-java 1.11-3 ii libplexus-sec-dispatcher-java 1.3.1-6 ii libplexus-utils2-java 2.0.5-1 ii libsisu-guice-java 3.1.1-1 ii libsisu-ioc-java 2.3.0-3 ii libwagon2-java 2.2-3+nmu1 ii openjdk-7-jre [java5-runtime] 7u3-2.1.6-1 ii openjdk-7-jre-headless [java5-runtime-headless] 7u3-2.1.6-1 maven recommends no packages. maven suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org