On Apr/15, Markus Koschany wrote: > I have prepared a patch for CVE-2014-3577 (commons-httpclient). [1] The > patch is identical to the Jessie / Sid fix. Do you consider this > vulnerability important enough for a DSA or do you prefer a point > release update?
Hi Markus, this issue was marked "no-dsa" some time ago (see https://security-tracker.debian.org/tracker/CVE-2014-3577), so a point-release update will be the way to go. Cheers, --Seb -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org