Bug#704261: maven: Please package maven 3.0.5
miguel at miguel.cc
Sun Mar 31 00:52:16 UTC 2013
On Sat, Mar 30, 2013 at 10:53 AM, Luís Picciochi Oliveira
<Pitxyoki at gmail.com> wrote:
> Please upgrade maven to 3.0.5. Upstream recommends against using 3.0.4 due to
> the following security vulnerability:
> http://maven.40175.n5.nabble.com/SECURITY-CVE-2013-0253-Apache-Maven-3-0-4-td5748186.html ,
> currently also visible at https://maven.apache.org/security.html .
> It would be nice to have the safer 3.0.5 version in Wheezy once it goes stable.
This issue was already fixed in libwagon2-java by Michael Gilbert in #701991.
Maven 3.0.5 upstream release only updates POM files to point to
libwagon2-java 2.4 but Michael backported the fix to 2.2 so there is
no rush to update Maven right now.
Thanks for your report.
Miguel Landaeta, miguel at miguel.cc
secure email with PGP 0x6E608B637D8967E9 available at http://keyserver.pgp.com/
"Faith means not wanting to know what is true." -- Nietzsche