Bug#558355: lucene2: Please mention that CVE-2007-2383 has been fixed on next upload

Niels Thykier niels at thykier.net
Sun Nov 29 16:33:16 UTC 2009

> Hi Niels,
> Would changing the changelog entry for lucene2 2.9.1+ds1-2
> into
> lucene2 (2.9.1+ds1-2) unstable; urgency=3Dlow
>   * Removed (unused) embedded Prototype javascript library
>     (Closes: #555225, #555226; Fix CVE-2007-2383)
> do, on the next upload (which will be 2.9.1+ds1-3)?
> Cheers
> Jan-Pascal

Hi Jan-Pascal

I believe this is what Torsten Werner did with jetty a few uploads
back[1] and then passed "-v" to dpkg-genchanges/dpkg-buildpackage; but I
am actually not sure if this is all there is too it.


[1] http://packages.qa.debian.org/j/jetty/news/20090906T213439Z.html

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-java-maintainers/attachments/20091129/298104f2/attachment.pgp>

More information about the pkg-java-maintainers mailing list