Bug#674448: CVE-2012-2098

tony mancill tmancill at debian.org
Thu Jun 21 04:42:32 UTC 2012


On 06/17/2012 04:11 PM, Miguel Landaeta wrote:
> tags 674448 + pending
> thanks
> 
> On Thu, May 24, 2012 at 08:13:35PM +0200, Moritz Muehlenhoff wrote:
>> Package: libcommons-compress-java
>> Version: 1.2-1
>> Severity: grave
>> Tags: security
>>
>> Please see https://commons.apache.org/compress/security.html
>>
>> Fixed in 1.4.1. This doesn't warrant a DSA, but you could fix
>> it through a point update for Squeeze 6.0.6.
> 
> This is already fixed in the svn repo. A new package will be uploaded soon.

Built and ready for upload, awaiting xz-java (new build-dep) to make it
through NEW.

How would the point update work for Squeeze given that there is a new
build dependency that needs to be added to Squeeze as well?  Once we
have approval, can we simply upload both the new package and the updated
libcommons-compress-java at the same time?

Cheers,
tony
