Bug#741604: libspring-java: Multiple security issues

Miguel Landaeta Mon, 24 Mar 2014 14:34:23 -0700

On Mon, Mar 24, 2014 at 04:46:02PM -0300, Miguel Landaeta wrote:
> I believe a DSA is not necessary for those CVEs.
>


I want to rectify on this. I think a DSA is necessary because the fix
for CVE-2014-0054 addresses an incomplete fix for CVE-2013-4152 /
CVE-2013-6429 and some of those vulnerabilities were covered on
DSA-2857-1.

-- 
Miguel Landaeta, nomadium at debian.org
secure email with PGP 0x6E608B637D8967E9 available at
http://db.debian.org/fetchkey.cgi?fingerprint=4CB7FE1E280ECC90F29A597E6E608B637D8967E9
"Faith means not wanting to know what is true." -- Nietzsche

signature.asc
Description: Digital signature

__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#741604: libspring-java: Multiple security issues

Reply via email to