severity 762690 important
thx
On Sun, Nov 02, 2014 at 11:38:30PM +0100, Emmanuel Bourg wrote:
libhibernate-validator-java is only used as a build dependency of
libhibernate3-java. No package depends on it at runtime, so the risk of
being affected by this vulnerability is rather low, if not
Processing commands for cont...@bugs.debian.org:
severity 762690 important
Bug #762690 [libhibernate-validator-java] libhibernate-validator-java: affected
by CVE-2014-3558
Severity set to 'important' from 'serious'
thx
Unknown command or malformed arguments to command.
On Sun, Nov 02, 2014 at
On Wed, Nov 19, 2014 at 04:16:01PM +0100, Emmanuel Bourg wrote:
Le 19/11/2014 14:49, Raphael Hertzog a écrit :
Given it fixes an RC bug, will you check with the release team about a
possible exception to the freeze rules?
I saw you uploaded to experimental, thus I'm wondering if you
Le 19/11/2014 14:49, Raphael Hertzog a écrit :
Given it fixes an RC bug, will you check with the release team about a
possible exception to the freeze rules?
I saw you uploaded to experimental, thus I'm wondering if you were going
to try that anyway.
Hi Raphael,
I uploaded to experimental
On Sun, 02 Nov 2014 23:38:30 +0100 Emmanuel Bourg ebo...@apache.org wrote:
libhibernate-validator-java is only used as a build dependency of
libhibernate3-java. No package depends on it at runtime, so the risk of
being affected by this vulnerability is rather low, if not zero.
Thank you for
Le 18/11/2014 11:51, Raphael Hertzog a écrit :
Thank you for this information but it's not really a satisfactory answer.
I understand your concerns and I'm not claiming that shipping vulnerable
libraries is a good thing. My answer was a factual evaluation of the
impact of this vulnerability on
Le 18/11/2014 20:28, Eugene Zhukov a écrit :
I've been looking into upgrading it to version 4.2.1.Final. I will commit my
work in progress to a separate branch tomorrow. It needs a couple of new
dependencies, I will try to commit those tomorrow as well.
I have the upgrade ready Eugene, I'll
Hi,
I've been looking into upgrading it to version 4.2.1.Final. I will commit my
work in progress to a separate branch tomorrow. It needs a couple of new
dependencies, I will try to commit those tomorrow as well.
Eugene
__
This is the maintainer address of Debian's Java team
On 18 Nov 2014, at 21:37, Emmanuel Bourg ebo...@apache.org wrote:
Le 18/11/2014 20:28, Eugene Zhukov a écrit :
I've been looking into upgrading it to version 4.2.1.Final. I will commit my
work in progress to a separate branch tomorrow. It needs a couple of new
dependencies, I will try
libhibernate-validator-java is only used as a build dependency of
libhibernate3-java. No package depends on it at runtime, so the risk of
being affected by this vulnerability is rather low, if not zero.
Emmanuel Bourg
__
This is the maintainer address of Debian's Java team
Package: libhibernate-validator-java
Severity: serious
Tags: security
Hi,
the following vulnerability was published for libhibernate-validator-java.
CVE-2014-3558[0]:
It was discovered that the implementation of
org.hibernate.validator.util.ReflectionHelper together with the permissions
required
11 matches
Mail list logo