Fixed in Trusty. Precise wasn't affected.
** Changed in: maven (Ubuntu)
Status: Incomplete => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1136109
Title:
Upstream security
This may not actually be an issue for 12.04. From the debian-java list:
If precise doesn't have libwagon2-java you are probably safe. The
description of CVE-2013-0253 states that wagon was vulnerable starting
with the version 2.1. And looking at the patch for wagon 2 [2], none of
the code
Trusty Tahr has Maven 3.0.5. Maybe it's easier to upgrade your distro.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1136109
Title:
Upstream security vulnerability in 3.0.4
To manage notifications
Upstream fixed the problem 6 months ago. Can this be released in ubuntu,
please?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1136109
Title:
Upstream security vulnerability in 3.0.4
To manage
I looked into this and sadly, I don't think I can justify spending my
employer's time one this so I shall have to decline.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1136109
Title:
Upstream
Forgive me, is there any action planned on this defect? It's been fixed
upstream for a week now and it is a security issue.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1136109
Title:
Upstream
Edward, no one has announced here that an update is in progress. If you
wanted to prepare one, it seems unlikely that you would duplicate
someone else's work. The link in comment #1 provides some information on
how to prepare updates.
Thanks
--
You received this bug notification because you are
** Changed in: maven (Debian)
Status: New = Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1136109
Title:
Upstream security vulnerability in 3.0.4
To manage notifications about
** Changed in: maven (Debian)
Status: Incomplete = New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1136109
Title:
Upstream security vulnerability in 3.0.4
To manage notifications about
** Bug watch added: Debian Bug tracker #701991
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701991
** Also affects: maven (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701991
Importance: Unknown
Status: Unknown
** CVE added: http://www.cve.mitre.org/cgi-
Thanks for taking the time to report this bug and helping to make Ubuntu
better. Since the package referred to in this bug is in universe or
multiverse, it is community maintained. If you are able, I suggest
coordinating with upstream and posting a debdiff for this issue. When a
debdiff is
11 matches
Mail list logo
