Bug#611130: CVE-2010-2087
Steve McIntyre
steve at einval.com
Mon May 14 14:29:09 UTC 2012
On Sun, May 13, 2012 at 09:23:45PM +0200, Moritz Mühlenhoff wrote:
>On Sun, May 13, 2012 at 05:52:05PM +0100, Steve McIntyre wrote:
>> On Sun, Oct 02, 2011 at 05:53:48PM -0430, Miguel Landaeta wrote:
>> >#tag 611130 + idontgiveadamn
>> >tag 611130 + moreinfo
>> >kthxbye
>> >
>> >Upstream doesn't answer any request about this bug.
>> >
>> >I sent emails, I posted in their discussion forum and even joined their
>> >irc channel to ask a couple of question about this bug. I didn't receive
>> >any answer, I can say I was completely ignored.
>> >
>> >There is no info at Mitre website and AFAIK this issue is not fixed in
>> >any other free software distribution.
>> >
>> >I don't have time neither interest on this, good luck to anybody
>> >interested in fixing this bug. Be aware of uncooperative upstream.
>>
>> Given this, this package looks like a prime candidate for removal from
>> the archive to be honest. Thoughts?
>
>I concur, but libspring build-depends on it, something which needs to
>be addressed somehow.
Ick. :-(
--
Steve McIntyre, Cambridge, UK. steve at einval.com
Support the Campaign for Audiovisual Free Expression: http://www.eff.org/cafe/
More information about the pkg-java-maintainers
mailing list