Bug#686867: jruby: CVE-2011-4838

tony mancill tmancill at debian.org
Thu Sep 20 19:10:30 UTC 2012


On 09/20/2012 07:05 AM, Hideki Yamane wrote:
>  It was my mistake to use a static version for the symlink... sorry for the mess.
>  There was also a bit of confusion about versioning, so I prepared a fix as below.
>  If it seems to be okay, I'll upload to unstable.

Hello Hideki,

Thank you for the quick response.  The 2nd patch you supplied looks good
to me.

Also, I determined that I can build the jruby package successfully
against the nailgun package in wheezy, which I think might be preferable
anyway since this is a security bug that is being targeted for wheezy
(right?).  The dependency on nailgun is a build-dep only, meaning that
it doesn't appear in the jruby Depends, and jruby is an architecture
"any" package.

Moritz, for this bug with respect to wheezy, would you prefer that an
updated package be uploaded to unstable + an unblock request, or would
this be a case for targeting testing-security?

Thank you,
tony

