On 09/06/2014 11:36 AM, Salvatore Bonaccorso wrote:
> Hi Tony,
> On Sat, Sep 06, 2014 at 08:50:24AM -0700, tony mancill wrote:
>> On Wed, 02 Jul 2014 10:36:55 +0200 Moritz Muehlenhoff <j...@inutil.org>
>> wrote:
>>> Package: libspring-java
>>> Severity: grave
>>> Tags: security
>>> Justification: user security hole
>>> Hi,
>>> please see http://www.gopivotal.com/security/cve-2014-0225
>> Hello,
>> I have uploaded a a patched version (thanks Stephen!) to unstable and
>> prepared an upload 3.0.6.RELEASE-6+deb7u4 for wheezy-security, for which
>> the debdiff for the .dsc and .changes is attached.  (It is essentially
>> identical to the debdiff for unstable.)  I also placed the source and
>> binary packages for the wheezy update here:
>>   https://people.debian.org/~tmancill/libspring-java_wheezy/
>> for Security Team review.
> AFAICS at the time (at least), this CVE was marked no-dsa. Do you
> concur on this classification or is there something we missed? If so,
> could you contact the stable release managers to have an update trough
> stable proposed updates?

Hi Salvatore,

No, I'm not aware of anything that has been missed.  I was just trying
to be proactive about creating a package.  If any user needs to build
for wheezy, the patch is available in the BTS.

Thank you for the information,

Attachment: signature.asc
Description: OpenPGP digital signature

This is the maintainer address of Debian's Java team
Please use
debian-j...@lists.debian.org for discussions and questions.

Reply via email to