On Apr/15, Markus Koschany wrote:
> I have prepared a patch for CVE-2014-3577 (commons-httpclient). [1] The
> patch is identical to the Jessie / Sid fix. Do you consider this
> vulnerability important enough for a DSA or do you prefer a point
> release update?

Hi Markus,

this issue was marked "no-dsa" some time ago (see https://security-tracker.debian.org/tracker/CVE-2014-3577), so a point-release update will be the way to go.

Cheers,
--Seb

__
This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.