Bug#741604: libspring-java: Multiple security issues
owner 741604 ! tags 741604 + confirmed thanks On Fri, Mar 14, 2014 at 01:24:47PM +0100, Moritz Muehlenhoff wrote: Package: libspring-java Severity: grave Tags: security Justification: user security hole http://www.gopivotal.com/security/cve-2014-0054 http://www.gopivotal.com/security/cve-2014-1904 I'm not sure whether these are worth a DSA? Hi Moritz, I believe a DSA is not necessary for those CVEs. I'm preparing fixes for sid and stable. Cheers, -- Miguel Landaeta, nomadium at debian.org secure email with PGP 0x6E608B637D8967E9 available at http://db.debian.org/fetchkey.cgi?fingerprint=4CB7FE1E280ECC90F29A597E6E608B637D8967E9 Faith means not wanting to know what is true. -- Nietzsche signature.asc Description: Digital signature
Bug#741604: libspring-java: Multiple security issues
On Mon, Mar 24, 2014 at 04:46:02PM -0300, Miguel Landaeta wrote: I believe a DSA is not necessary for those CVEs. I want to rectify on this. I think a DSA is necessary because the fix for CVE-2014-0054 addresses an incomplete fix for CVE-2013-4152 / CVE-2013-6429 and some of those vulnerabilities were covered on DSA-2857-1. -- Miguel Landaeta, nomadium at debian.org secure email with PGP 0x6E608B637D8967E9 available at http://db.debian.org/fetchkey.cgi?fingerprint=4CB7FE1E280ECC90F29A597E6E608B637D8967E9 Faith means not wanting to know what is true. -- Nietzsche signature.asc Description: Digital signature
Bug#741604: libspring-java: Multiple security issues
Package: libspring-java Severity: grave Tags: security Justification: user security hole http://www.gopivotal.com/security/cve-2014-0054 http://www.gopivotal.com/security/cve-2014-1904 I'm not sure whether these are worth a DSA? Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
