On Sat, Mar 30, 2013 at 10:53 AM, Luís Picciochi Oliveira <pitxy...@gmail.com> wrote:
> Please upgrade maven to 3.0.5. Upstream recommends against using 3.0.4 due to
> the following security vulnerability:
> http://maven.40175.n5.nabble.com/SECURITY-CVE-2013-0253-Apache-Maven-3-0-4-td5748186.html ,
> currently also visible at https://maven.apache.org/security.html .
>
> It would be nice to have the safer 3.0.5 version in Wheezy once it goes
> stable.

Hi Luis,

This issue was already fixed in libwagon2-java by Michael Gilbert in #701991.

Maven 3.0.5 upstream release only updates POM files to point to libwagon2-java 2.4, but Michael backported the fix to 2.2, so there is no rush to update Maven right now.

Thanks for your report.

--
Miguel Landaeta, miguel at miguel.cc
secure email with PGP 0x6E608B637D8967E9 available at http://keyserver.pgp.com/
"Faith means not wanting to know what is true." -- Nietzsche