On 07/27/2012 04:08 AM, Thijs Kinkhorst wrote: > Hi, > >>> However, this is not a vulnerability, only extra hardening which is > surely >>> useful but not a vulnerability in itself. I'm therefore downgrading this >>> bug to minor: the request to update the README.Debian. > >> Thank you for looking into this bug. I shouldn't have let this one go >> for so long, but honestly, I'm not sure about the text to add to the >> package readme. > >> Can you propose appropriate wording to add to README.Debian. Would it >> be sufficient to reference the CVE and include a link (say, to [1])? > > See attached patch for a change to README.Debian. I've tested it and > confirmed that it has the desired effect. > > Please apply it to the repository; I'm not sure that a separate upload to > wheezy is warranted for this but if you're going to make an upload before > the release please be sure to include this aswell. > > > Cheers, > Thijs
Applied - thank you! tony __ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.