Bug#735420: libspring-java: CVE-2013-6429 CVE-2013-6430
Markus Koschany
apo at gambaru.de
Sat Jan 25 14:39:16 UTC 2014
On 25.01.2014 15:22, Miguel Landaeta wrote:
> On Thu, Jan 23, 2014 at 12:05:01AM +0100, Markus Koschany wrote:
>> Control: tags -1 confirmed
>> Control: owner -1 !
>>
>> I'm working on a new revision and stable-security update.
>>
>> Markus
>>
>
> Hi Markus,
>
> Thanks for taking care of this bug.
>
> I'm kinda slow nowadays to react to some bug reports but I'll be happy to
> review and sponsor the new revision when you are ready. Just let me
> know about it.
>
Hi Miguel,
No problem. Since I have dealt with the last security issue, I thought
I'll care for this related "follow-up" bug, too. :)
Yesterday I sent a request for review and sponsorship to the debian-java
list.
https://lists.debian.org/debian-java/2014/01/msg00052.html
I have simply tried to backport upstream's commits. In case of
CVE-2013-6430 that was straightforward but the other one needed
additional work. I'd be glad if you reviewed my changes and uploaded the
package to unstable. I will then open a new RT security ticket and
hopefully the libspring-java can be uploaded to stable-security, too.
Regards,
Markus
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 949 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-java-maintainers/attachments/20140125/cd2fb4f5/attachment.sig>
More information about the pkg-java-maintainers
mailing list