Bug#762690: libhibernate-validator-java: affected by CVE-2014-3558

Moritz Muehlenhoff jmm at inutil.org
Mon Mar 2 17:25:09 UTC 2015


severity 762690 important
thx

On Sun, Nov 02, 2014 at 11:38:30PM +0100, Emmanuel Bourg wrote:
> libhibernate-validator-java is only used as a build dependency of
> libhibernate3-java. No package depends on it at runtime, so the risk of
> being affected by this vulnerability is rather low, if not zero.

I'm downgrading the severity to normal. No need to treat it as a RC
security bug.

Cheers,
        Moritz



More information about the pkg-java-maintainers mailing list