On Apr/15, Markus Koschany wrote:
> I have prepared a patch for CVE-2014-3577 (commons-httpclient). [1] The
> patch is identical to the Jessie / Sid fix. Do you consider this
> vulnerability important enough for a DSA or do you prefer a point
> release update?

Hi Markus,

this issue was marked "no-dsa" some time ago (see
https://security-tracker.debian.org/tracker/CVE-2014-3577), so a
point-release update will be the way to go.



This is the maintainer address of Debian's Java team
Please use
debian-j...@lists.debian.org for discussions and questions.

Reply via email to