Salvatore Bonaccorso <> writes:

> Hi Felix,

hello Salvatore,

> Sorry for the delay in getting back to you.
> On Fri, Apr 06, 2018 at 09:40:40PM +0200, Felix Natter wrote:
>> hello Security Team,
>> here are the CVE-2018-1000069 security updates for jessie and stretch:
>> [jessie]
>> (jessie-CVE-2018-1000069 branch)
>> [stretch]
>> (stretch-CVE-2018-1000069 branch)
>> Both are tested:
>> - builds
>> - activation log message is seen
>> - Save and Load XML works
>> In what format would you like the "tested packages"? *.deb?
>> Here is the corrsponding upstream commit:
>> The debdiffs are attached.
> Debdiffs looks good to me. I just have a question, for the
> jessie-debdiff: In the was the removal of
> the import of org.freeplane.n3.nanoxml.XMLParserFactory not done on
> purpose?

Yes and no. On jessie the patch did not cleanly apply, so I would have
had to apply that change manually. Since removing the import has no
effect on the semantics of the program (as long as it still compiles), I
was too lazy. It should be ok.

> Other than that, when above question commented on, feel free to upload
> to security-master (AFICS you will need a sponsor, but guess Markus
> will cime in here as well). Remember that both needs to be build with
> -sa.

May I ask why the full source must be included?

@Markus: Would you be so kind to take care of uploading?

Cheers and Best Regards,
Felix Natter

This is the maintainer address of Debian's Java team
Please use for discussions and questions.

Reply via email to