Bug#611849: CVE-2010-4647/CVE-2008-7271: XSS in help browser application
Niels Thykier
niels at thykier.net
Sun Feb 20 00:43:44 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 2011-02-19 23:40, Jonathan Wiltshire wrote:
> Dear maintainer,
>
Hey
> Recently you fixed one or more security problems and as a result you closed
> this bug. These problems were not serious enough for a Debian Security
> Advisory, so they are now on my radar for fixing in the following suites
> through point releases:
>
> lenny (5.0.9)
>
I think your radar might be broken, as eclipse has been removed from
Lenny[1]. :P Though if still needed I can find you the patches, I have
seen for these issues; but I can do very little for eclipse 3.2.2 that
was in Lenny as I have never built that version of eclipse (this is also
related to why I asked for it to be removed from Lenny in the first place).
Nevertheless, thanks for the heads up. :)
> (I already noted your accepted fix for 6.0.1; thanks for being pro-active!)
>
You are welcome. :)
> Please arrange to backport your fix and liase with the release team for
> permission to upload. I will happily assist you if the patch is
> straightforward and you need help or lack time.
>
> For details of this process and the rationale, please see the original
> announcement [1] and my blog post [2].
>
> 1: <201101232332.11736.thijs at debian.org>
> 2: http://deb.li/prsc
>
> Thanks,
>
> with his security hat on:
~Niels
[1] http://packages.qa.debian.org/e/eclipse/news/20100626T090858Z.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQIcBAEBCAAGBQJNYGO/AAoJEAVLu599gGRCRrAP/1UarK7PBc2+v1E87uVZqhXY
S8cTMkmnMs3tWFflhB5xEvPfJT0/deeqqllPWnJDMTkXQuZTHP7xzYxd2xOhtdT4
XTa2qixm8qMxqwWrmAgijfxIgX3/p5/hmnSIABCnSt2Tq7yFwTh8pe2w9Qa9CuWU
QgUiO4ETYmB1RJqtfRnCU8w/FX17ZAlbBFloJTgdKMZUDGvedre4bmyrLiEb0tkJ
Fsjn3k5xkddItjwEKjIyhWS8NZO4mGp5jNiPdWqtAlEouqX7k4KBxaCsIgysPwnu
IUyFOyXjko1bPPu0YLY6WYSrMTwk9pvNct+0hyg/bQD6DI2zC9kEq1h6KEWtisuC
wOzDJsdPJO3VOGFmxE4g48MSLoZO/yaOqIM4BUnbs3VJNf0Gd5GgCbopPOm87KMn
C4AumE7WfXHaK2T7AmqLgy2c8r10ak/t8s9s/R1n06hnG//Zc9MtO8nyZRJWqt2m
HNZwTG7AVNtDZ3RAzpwizGsHc56IvF+W0mQcErOs+bBnSGTM2MuLfTPgFUN7luQY
863z7nEBbL7MfZXxCNr4HNlWidLgLhrKV9oknSTqm9CvJwyybE2d56TuWzZWQ3/I
nfBOOegoSxuyuufQWE0p6DoaW/M7Wt7W2M4qvG2wZjhBLOw94Ws+tQAZCSSucfVb
s4SYJoHDFHSooV8k0HMm
=vRVz
-----END PGP SIGNATURE-----
More information about the pkg-java-maintainers
mailing list