Bug#893663: freeplane: CVE-2018-1000069 XXE vulnerability
Sébastien Delafond
seb at debian.org
Wed Apr 11 10:47:15 BST 2018
On Apr/10, Felix Natter wrote:
> Yes and no. On jessie the patch did not cleanly apply, so I would have
> had to apply that change manually. Since removing the import has no
> effect on the semantics of the program (as long as it still compiles),
> I was too lazy. It should be ok.
Let's leave it then.
For further contributions, however, please make sure you cleanly
retrofit any patch that doesn't apply as-is: this will reduce the
overhead and questions when reviewing on our side.
> May I ask why the full source must be included?
Because they will be new on security-master.
Cheers,
--Seb
More information about the pkg-java-maintainers
mailing list