Bug#880467: jasperreports: CVE-2017-14941, CVE-2017-5528, CVE-2017-5529
Emmanuel Bourg
ebourg at apache.org
Sat Dec 9 22:43:38 UTC 2017
Le 09/12/2017 à 23:29, Moritz Mühlenhoff a écrit :
> I'd say let's kick it out, then. We have a build dependency (and run time
> dependencies) on libspring-java, can we axe it out there?
jasperreports is just a build dependency of some unused parts of
libspring-java. No application in Debian needs it at run time. So these
vulnerabilities can be safely ignored in the stable releases.
Emmanuel Bourg
More information about the pkg-java-maintainers
mailing list