Bug#759526: New upstream version fixes CVE-2014-3604

[tony mancill]

On 09/09/2014 09:27 AM, Matthew Vernon wrote:
> Hi,
> 
> Upstream have released 0.3.15, which fixes this bug. I’m still away (and will be for a while yet); would one of the java team mind uploading 0.3.15, please? Hopefully it’ll just drop in on top of the existing packaging…
> 
> Thanks,
> 
> Matthew

Hi Matthew.

I'm taking a look at it now and think it will be mostly straightforward.

There are a few new build-deps to be added and a new patch to be created
for build.xml.  The only thing that gives me pause is that upstream is
building against the latest version of bouncycastle, 1.51, which is
newer than what we have in Debian right now.  I'll know soon whether
this causes an issue.

Cheers,
tony

P.S.  Anyone on the Java Team interested in looking at getting a newer
version of BC into the archive for jessie?


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-java-maintainers/attachments/20140909/4ad20d80/attachment.sig>