Bug#611130: CVE-2010-2087

Steve McIntyre steve at einval.com
Mon May 14 14:29:09 UTC 2012

On Sun, May 13, 2012 at 09:23:45PM +0200, Moritz Mühlenhoff wrote:
>On Sun, May 13, 2012 at 05:52:05PM +0100, Steve McIntyre wrote:
>> On Sun, Oct 02, 2011 at 05:53:48PM -0430, Miguel Landaeta wrote:
>> >#tag 611130 + idontgiveadamn
>> >tag 611130 + moreinfo
>> >kthxbye
>> >
>> >Upstream doesn't answer any request about this bug.
>> >
>> >I sent emails, I posted in their discussion forum and even joined their
>> >irc channel to ask a couple of question about this bug. I didn't receive
>> >any answer, I can say I was completely ignored.
>> >
>> >There is no info at Mitre website and AFAIK this issue is not fixed in
>> >any other free software distribution.
>> >
>> >I don't have time neither interest on this, good luck to anybody
>> >interested in fixing this bug. Be aware of uncooperative upstream.
>> Given this, this package looks like a prime candidate for removal from
>> the archive to be honest. Thoughts?
>I concur, but libspring build-depends on it, something which needs to
>be addressed somehow.

Ick. :-(

Steve McIntyre, Cambridge, UK.                                steve at einval.com
Support the Campaign for Audiovisual Free Expression: http://www.eff.org/cafe/

More information about the pkg-java-maintainers mailing list