Bug#735420: libspring-java: CVE-2013-6429 CVE-2013-6430
On 25.01.2014 15:22, Miguel Landaeta wrote: On Thu, Jan 23, 2014 at 12:05:01AM +0100, Markus Koschany wrote: Control: tags -1 confirmed Control: owner -1 ! I'm working on a new revision and stable-security update. Markus Hi Markus, Thanks for taking care of this bug. I'm kinda slow nowadays to react to some bug reports but I'll be happy to review and sponsor the new revision when you are ready. Just let me know about it. Hi Miguel, No problem. Since I have dealt with the last security issue, I thought I'll care for this related follow-up bug, too. :) Yesterday I sent a request for review and sponsorship to the debian-java list. https://lists.debian.org/debian-java/2014/01/msg00052.html I have simply tried to backport upstream's commits. In case of CVE-2013-6430 that was straightforward but the other one needed additional work. I'd be glad if you reviewed my changes and uploaded the package to unstable. I will then open a new RT security ticket and hopefully the libspring-java can be uploaded to stable-security, too. Regards, Markus signature.asc Description: OpenPGP digital signature
Bug#735420: libspring-java: CVE-2013-6429 CVE-2013-6430
On Sat, Jan 25, 2014 at 03:39:16PM +0100, Markus Koschany wrote: Yesterday I sent a request for review and sponsorship to the debian-java list. https://lists.debian.org/debian-java/2014/01/msg00052.html That's right, I just saw that thread and I replied to it. I'll let you know my comments later. Cheers, -- Miguel Landaeta, nomadium at debian.org secure email with PGP 0x6E608B637D8967E9 available at http://db.debian.org/fetchkey.cgi?fingerprint=4CB7FE1E280ECC90F29A597E6E608B637D8967E9 Faith means not wanting to know what is true. -- Nietzsche signature.asc Description: Digital signature
Bug#735420: libspring-java: CVE-2013-6429 CVE-2013-6430
Control: tags -1 confirmed Control: owner -1 ! I'm working on a new revision and stable-security update. Markus signature.asc Description: OpenPGP digital signature
Bug#735420: libspring-java: CVE-2013-6429 CVE-2013-6430
Package: libspring-java Severity: grave Tags: security Justification: user security hole Please see http://www.gopivotal.com/security/cve-2013-6429 http://www.gopivotal.com/security/cve-2013-6430 Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
