Bug#611849: CVE-2010-4647/CVE-2008-7271: XSS in help browser application
Jonathan Wiltshire
jmw at debian.org
Sat Feb 19 22:40:18 UTC 2011
Dear maintainer,
Recently you fixed one or more security problems and as a result you closed
this bug. These problems were not serious enough for a Debian Security
Advisory, so they are now on my radar for fixing in the following suites
through point releases:
lenny (5.0.9)
(I already noted your accepted fix for 6.0.1; thanks for being pro-active!)
Please arrange to backport your fix and liase with the release team for
permission to upload. I will happily assist you if the patch is
straightforward and you need help or lack time.
For details of this process and the rationale, please see the original
announcement [1] and my blog post [2].
1: <201101232332.11736.thijs at debian.org>
2: http://deb.li/prsc
Thanks,
with his security hat on:
--
Jonathan Wiltshire jmw at debian.org
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-java-maintainers/attachments/20110219/2ce9b2f8/attachment.pgp>
More information about the pkg-java-maintainers
mailing list