Hi, > > However, this is not a vulnerability, only extra hardening which is surely > > useful but not a vulnerability in itself. I'm therefore downgrading this > > bug to minor: the request to update the README.Debian.
> Thank you for looking into this bug. I shouldn't have let this one go > for so long, but honestly, I'm not sure about the text to add to the > package readme. > Can you propose appropriate wording to add to README.Debian. Would it > be sufficient to reference the CVE and include a link (say, to )? See attached patch for a change to README.Debian. I've tested it and confirmed that it has the desired effect. Please apply it to the repository; I'm not sure that a separate upload to wheezy is warranted for this but if you're going to make an upload before the release please be sure to include this aswell. Cheers, Thijs
__ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.