Hi, On Mon, 30 Mar 2015, Markus Koschany wrote: > I have recently started to investigate whether I could fix some open LTS > issues and discovered the entry for libspring-2.5-java. According to > > https://security-tracker.debian.org/tracker/source-package/libspring-2.5-java > > there is no open security issue left. Is this an oversight? Otherwise I > might take a closer look and work on a fix.
No it's correct, the last CVE issue was mis-assigned to that package. That said there are other java packages in need of some love. For example commons-httpclient has been waiting for months: https://security-tracker.debian.org/tracker/source-package/commons-httpclient > In addition I would be happy > if someone added me to the security-testing project on alioth, so that I > can claim open issues in the SVN repository myself. My alioth name is > apo-guest. I have been mainly active in the Debian Games and Java teams > for the past 2,5 years but are interested in other areas of Debian as > well and might be able to help fixing outstanding security issues from > time to time. I don't have the rights to add you but someone else will do it soonish I guess. Thanks for your help! Cheers, -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: http://www.freexian.com/services/debian-lts.html Learn to master Debian: http://debian-handbook.info/get/ -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]
