owner 779621 ! thanks On Tue, Mar 03, 2015 at 07:57:36AM +0100, Moritz Muehlenhoff wrote: > Package: jakarta-taglibs-standard > Severity: important > Tags: security > > Please see > http://www.securityfocus.com/archive/1/534772 > > Cheers, > Moritz > >
Hi, I can try to backport the fix introduced in jakarta taglibs 2.1.3. However, I can't make promises that the result is even applicable to the outdated version we have in the archive (1.1.2). It looks like the diff is going to be really big for this late stage in the release cycle. I mean, the full diff between 2.1.1 and 2.1.3 has almost 7000 lines. Even if I carefully manage to successfully backport only the fix, the diff is going to be big. Upstream implemented the fix in a new class org.apache.taglibs.standard.util.XmlUtil with 389 LoC... I'll try to come up with something or report if I failed at that. Cheers, -- Miguel Landaeta, nomadium at debian.org secure email with PGP 0x6E608B637D8967E9 available at http://miguel.cc/key. "Faith means not wanting to know what is true." -- Nietzsche
signature.asc
Description: Digital signature
__ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
