Bug#762690: libhibernate-validator-java: affected by CVE-2014-3558
Emmanuel Bourg
ebourg at apache.org
Wed Nov 19 15:16:01 UTC 2014
Le 19/11/2014 14:49, Raphael Hertzog a écrit :
> Given it fixes an RC bug, will you check with the release team about a
> possible exception to the freeze rules?
>
> I saw you uploaded to experimental, thus I'm wondering if you were going
> to try that anyway.
Hi Raphael,
I uploaded to experimental because the debdiff is 80k lines long and I'm
not sure the release team is willing to consider it. I checked that
libhibernate3-java still builds fine with this version. I'm confident
this is a safe upgrade since libhibernate-validator-java has only one
reverse dependency and is never used at runtime by another binary
package. So this could go into oldstable/stable/testing but that's not
my call.
Emmanuel Bourg
More information about the pkg-java-maintainers
mailing list