Bug#704261: maven: Please package maven 3.0.5
Luís Picciochi Oliveira
Pitxyoki at Gmail.com
Sat Mar 30 13:53:38 UTC 2013
Package: maven
Version: 3.0.4-3
Severity: normal
Dear Maintainer,
Please upgrade maven to 3.0.5. Upstream recommends against using 3.0.4 due to
the following security vulnerability: http://maven.40175.n5.nabble.com
/SECURITY-CVE-2013-0253-Apache-Maven-3-0-4-td5748186.html , currently also
visible at https://maven.apache.org/security.html .
It would be nice to have the safer 3.0.5 version in Wheezy once it goes stable.
Thanks and best regards,
Luís Picciochi
-- System Information:
Debian Release: 7.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 3.2.0-4-686-pae (SMP w/2 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages maven depends on:
ii libaether-java 1.13.1-2
ii libcommons-cli-java 1.2-3
ii libcommons-codec-java 1.6-1
ii libcommons-httpclient-java 3.1-10.2
ii libcommons-logging-java 1.1.1-9
ii libguava-java 11.0.2-1
ii libplexus-cipher-java 1.5-4
ii libplexus-classworlds2-java 2.4-1
ii libplexus-containers1.5-java 1.5.5-2
ii libplexus-interpolation-java 1.11-3
ii libplexus-sec-dispatcher-java 1.3.1-6
ii libplexus-utils2-java 2.0.5-1
ii libsisu-guice-java 3.1.1-1
ii libsisu-ioc-java 2.3.0-3
ii libwagon2-java 2.2-3+nmu1
ii openjdk-7-jre [java5-runtime] 7u3-2.1.6-1
ii openjdk-7-jre-headless [java5-runtime-headless] 7u3-2.1.6-1
maven recommends no packages.
maven suggests no packages.
-- no debconf information
More information about the pkg-java-maintainers
mailing list