Bug#762690: libhibernate-validator-java: affected by CVE-2014-3558
Emmanuel Bourg
ebourg at apache.org
Tue Nov 18 12:35:40 UTC 2014
On 18/11/2014 11:51, Raphael Hertzog wrote:
> Thank you for this information but it's not really a satisfactory answer.
I understand your concerns and I'm not claiming that shipping vulnerable
libraries is a good thing. My answer was a factual evaluation of the
impact of this vulnerability on Debian, so people are at least informed
about the actual risks.
> Please send a call for help on debian-devel(-announce) if you are not able
> to do the basic work of keeping your packages up-to-date. Then the
> publicity team might relay your message further... and maybe you'll find
> some supplementary volunteers.
Updating packages is not always "basic" unfortunately, I wish it was though.