Bug#860068: Processed: Re: Bug#860068: tomcat8: CVE-2017-5647

Markus Koschany apo at debian.org
Tue Apr 11 15:24:25 UTC 2017


Am 11.04.2017 um 17:18 schrieb Salvatore Bonaccorso:
> Hi Markus,
> 
> On Tue, Apr 11, 2017 at 02:18:14PM +0000, Debian Bug Tracking System wrote:
>> Processing control commands:
>>
>>> merge 860068 860069 860070 860071
>> Bug #860068 [src:tomcat8] tomcat8: CVE-2017-5647
>> Bug #860069 [src:tomcat8] tomcat8: CVE-2017-5648
>> Marked as found in versions tomcat8/8.5.11-1.
>> Bug #860068 [src:tomcat8] tomcat8: CVE-2017-5647
>> Marked as found in versions tomcat8/8.5.11-1.
>> Bug #860071 [src:tomcat8] tomcat8: CVE-2017-5651
>> Marked as found in versions tomcat8/8.0.14-1.
>> Bug #860070 [src:tomcat8] tomcat8: CVE-2017-5650
>> Marked as found in versions tomcat8/8.0.14-1.
>> Merged 860068 860069 860070 860071
> 
> Why the merge? I was a exlicit choice to open 4 bugs due to the
> different CVE's and different affected versions (note that two affect
> 8.0.14-1 and two only 8.5.11-1 but not the version in jessie).

Hi,

please combine CVEs for (Java) packages because single bug reports just
create more noise on the list and in the end we make one upload to
address all of them together. I suggest to use the found/fixed tags as
needed.

Regards,

Markus


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-java-maintainers/attachments/20170411/9391a369/attachment-0001.sig>


More information about the pkg-java-maintainers mailing list