Package: maven
Version: 3.0.4-3
Severity: normal

Dear Maintainer,

Please upgrade maven to 3.0.5. Upstream recommends against using 3.0.4 due to
the following security vulnerability: http://maven.40175.n5.nabble.com
/SECURITY-CVE-2013-0253-Apache-Maven-3-0-4-td5748186.html , currently also
visible at https://maven.apache.org/security.html .

It would be nice to have the safer 3.0.5 version in Wheezy once it goes stable.

Thanks and best regards,
Luís Picciochi



-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 3.2.0-4-686-pae (SMP w/2 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages maven depends on:
ii  libaether-java                                   1.13.1-2
ii  libcommons-cli-java                              1.2-3
ii  libcommons-codec-java                            1.6-1
ii  libcommons-httpclient-java                       3.1-10.2
ii  libcommons-logging-java                          1.1.1-9
ii  libguava-java                                    11.0.2-1
ii  libplexus-cipher-java                            1.5-4
ii  libplexus-classworlds2-java                      2.4-1
ii  libplexus-containers1.5-java                     1.5.5-2
ii  libplexus-interpolation-java                     1.11-3
ii  libplexus-sec-dispatcher-java                    1.3.1-6
ii  libplexus-utils2-java                            2.0.5-1
ii  libsisu-guice-java                               3.1.1-1
ii  libsisu-ioc-java                                 2.3.0-3
ii  libwagon2-java                                   2.2-3+nmu1
ii  openjdk-7-jre [java5-runtime]                    7u3-2.1.6-1
ii  openjdk-7-jre-headless [java5-runtime-headless]  7u3-2.1.6-1

maven recommends no packages.

maven suggests no packages.

-- no debconf information

__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Reply via email to