Bug#558355: lucene2: Please mention that CVE-2007-2383 has been fixed on next upload
Jan-Pascal van Best
janpascal at vanbest.org
Sat Nov 28 18:39:48 UTC 2009
Hi Niels,
Would changing the changelog entry for lucene2 2.9.1+ds1-2
into
lucene2 (2.9.1+ds1-2) unstable; urgency=low
* Removed (unused) embedded Prototype javascript library
(Closes: #555225, #555226; Fix CVE-2007-2383)
do, on the next upload (which will be 2.9.1+ds1-3)?
Cheers
Jan-Pascal
Niels Thykier wrote:
> Package: lucene2
> Severity: important
>
> Hi
>
> A recent upload of lucene2 fixed #555225; but did not mention that
> this fixed CVE-2007-2383. This causes the security tracker to
> believe that lucene2 is still affected.
>
> Therefore please mention that CVE-2007-2383 has been fixed in the
> changelog on next upload.
>
> Thank you in advance,
> ~Niels
>
> -- System Information:
> Debian Release: squeeze/sid
> APT prefers testing
> APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
> Architecture: i386 (i686)
>
> Kernel: Linux 2.6.30-2-686 (SMP w/2 CPU cores)
> Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
>
>
>
> _______________________________________________
> pkg-java-maintainers mailing list
> pkg-java-maintainers at lists.alioth.debian.org
> http://lists.alioth.debian.org/mailman/listinfo/pkg-java-maintainers
>
--
Jan-Pascal van Best
janpascal at vanbest.org, janpascal at vanbest.eu
http://www.vanbest.org/janpascal/
GPG key fingerprint 4617 E5FB C56D ACB6 7C8C DE64 3A4C B270 1A89 CC23
More information about the pkg-java-maintainers
mailing list