On 09/06/2014 11:36 AM, Salvatore Bonaccorso wrote: > Hi Tony, > > On Sat, Sep 06, 2014 at 08:50:24AM -0700, tony mancill wrote: >> On Wed, 02 Jul 2014 10:36:55 +0200 Moritz Muehlenhoff <j...@inutil.org> >> wrote: >>> Package: libspring-java >>> Severity: grave >>> Tags: security >>> Justification: user security hole >>> >>> Hi, >>> please see http://www.gopivotal.com/security/cve-2014-0225 >> >> Hello, >> >> I have uploaded a a patched version (thanks Stephen!) to unstable and >> prepared an upload 3.0.6.RELEASE-6+deb7u4 for wheezy-security, for which >> the debdiff for the .dsc and .changes is attached. (It is essentially >> identical to the debdiff for unstable.) I also placed the source and >> binary packages for the wheezy update here: >> >> https://people.debian.org/~tmancill/libspring-java_wheezy/ >> >> for Security Team review. > > AFAICS at the time (at least), this CVE was marked no-dsa. Do you > concur on this classification or is there something we missed? If so, > could you contact the stable release managers to have an update trough > stable proposed updates?
Hi Salvatore, No, I'm not aware of anything that has been missed. I was just trying to be proactive about creating a package. If any user needs to build for wheezy, the patch is available in the BTS. Thank you for the information, tony
signature.asc
Description: OpenPGP digital signature
__ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.