Bug#1057343: Processed: Re: Bug#1057315: tiles: CVE-2023-49735

On Mon, Dec 04, 2023 at 09:13:41AM +, Holger Levsen wrote: > Hi Salvatore, > > thanks for your continous work on Debian security! > > On Sun, Dec 03, 2023 at 08:03:05PM +, Debian Bug Tracking System wrote: > > > clone -1 -2 -3 > > Bug #1057315 [src:tiles] tiles: CVE-2023-49735 > > Bug

Bug#1057343: Processed: Re: Bug#1057315: tiles: CVE-2023-49735

Hi Salvatore, thanks for your continous work on Debian security! On Sun, Dec 03, 2023 at 08:03:05PM +, Debian Bug Tracking System wrote: > > clone -1 -2 -3 > Bug #1057315 [src:tiles] tiles: CVE-2023-49735 > Bug 1057315 cloned as bugs 1057342-1057343 > > retitle -2 tiles: Add

Bug#1057315: tiles: CVE-2023-49735

Control: clone -1 -2 -3 Control: retitle -2 tiles: Add README.Debian.security to document support status Control: reassign -3 src:debian-security-support Control: retitle -3 Mark tiles as only supported for building applications shipped in Debian Hi, On Sun, Dec 03, 2023 at 03:35:31PM +0100,

Bug#1057315: tiles: CVE-2023-49735

Am Sonntag, dem 03.12.2023 um 15:10 +0100 schrieb Moritz Muehlenhoff: > > But maybe we can set it as "no-dsa", is it only used as build > > dependency for libspring-java and not sensible outside? > > Spring is already marked as unsupported, so we can simply extend that. +1 This is sensible in

Bug#1057315: tiles: CVE-2023-49735

Salvatore Bonaccorso wrote: > If you fix the vulnerability please also make sure to include the > CVE (Common Vulnerabilities & Exposures) id in your changelog entry. > > The project is dead-upstream TTBOMK, so not sure if/what we can do at > all for this issue. Removal seems not possible as per:

Bug#1057315: tiles: CVE-2023-49735

Source: tiles Version: 3.0.7-5 Severity: important Tags: security upstream X-Debbugs-Cc: a...@debian.org, ebo...@apache.org, car...@debian.org, Debian Security Team Hi, The following vulnerability was published for tiles. CVE-2023-49735[0]: | ** UNSUPPORTED WHEN ASSIGNED ** The value set as