Hi Tony, On Sat, Sep 06, 2014 at 08:50:24AM -0700, tony mancill wrote: > On Wed, 02 Jul 2014 10:36:55 +0200 Moritz Muehlenhoff <j...@inutil.org> > wrote: > > Package: libspring-java > > Severity: grave > > Tags: security > > Justification: user security hole > > > > Hi, > > please see http://www.gopivotal.com/security/cve-2014-0225 > > Hello, > > I have uploaded a a patched version (thanks Stephen!) to unstable and > prepared an upload 3.0.6.RELEASE-6+deb7u4 for wheezy-security, for which > the debdiff for the .dsc and .changes is attached. (It is essentially > identical to the debdiff for unstable.) I also placed the source and > binary packages for the wheezy update here: > > https://people.debian.org/~tmancill/libspring-java_wheezy/ > > for Security Team review.
AFAICS at the time (at least), this CVE was marked no-dsa. Do you concur on this classification or is there something we missed? If so, could you contact the stable release managers to have an update trough stable proposed updates? Regards, Salvatore __ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.