Bug#758972: Please remove mojarra
Henri Salo
henri at nerv.fi
Sat Aug 23 11:28:52 UTC 2014
Package: mojarra
Version: 2.0.3-3
Severity: critical
Tags: security
Please remove the mojarra source package from Debian, as it has been unmaintained
and contains several unfixed security vulnerabilities with no replies from the
maintainer.
https://packages.debian.org/source/sid/mojarra
http://packages.qa.debian.org/m/mojarra.html
https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=mojarra
CVE-2012-2672: https://bugs.debian.org/677194 Jun 2012
CVE-2013-5855: https://bugs.debian.org/740586 Mar 2014
Moritz commented on this in a private email:
"""
Unmaintained packages should be removed, but spring build-depends on
one of the libs from mojarra:
jmm at pisco:~$ build-rdeps libjsf-api-java
Reverse Build-depends in main:
------------------------------
libspring-java
So it needs to be checked whether that can be dropped from Spring.
"""
If the maintainer shows some activity, I could help to get these issues fixed.
---
Henri Salo