Bug#704261: maven: Please package maven 3.0.5

Miguel Landaeta miguel at miguel.cc
Sun Mar 31 00:52:16 UTC 2013


On Sat, Mar 30, 2013 at 10:53 AM, Luís Picciochi Oliveira
<Pitxyoki at gmail.com> wrote:
> Please upgrade maven to 3.0.5. Upstream recommends against using 3.0.4 due to
> the following security vulnerability:
> http://maven.40175.n5.nabble.com/SECURITY-CVE-2013-0253-Apache-Maven-3-0-4-td5748186.html ,
> currently also visible at https://maven.apache.org/security.html .
>
> It would be nice to have the safer 3.0.5 version in Wheezy once it goes stable.

Hi Luis,

This issue was already fixed in libwagon2-java by Michael Gilbert in #701991.

Maven 3.0.5 upstream release only updates POM files to point to
libwagon2-java 2.4 but Michael backported the fix to 2.2 so there is
no rush to update Maven right now.

Thanks for your report.

-- 
Miguel Landaeta, miguel at miguel.cc
secure email with PGP 0x6E608B637D8967E9 available at http://keyserver.pgp.com/
"Faith means not wanting to know what is true." -- Nietzsche


