Bug#741604: libspring-java: Multiple security issues

Miguel Landaeta nomadium at debian.org
Mon Mar 24 21:31:42 UTC 2014

On Mon, Mar 24, 2014 at 04:46:02PM -0300, Miguel Landaeta wrote:
> I believe a DSA is not necessary for those CVEs.

I want to rectify on this. I think a DSA is necessary because the fix
for CVE-2014-0054 addresses an incomplete fix for CVE-2013-4152 /
CVE-2013-6429 and some of those vulnerabilities were covered on

Miguel Landaeta, nomadium at debian.org
secure email with PGP 0x6E608B637D8967E9 available at
"Faith means not wanting to know what is true." -- Nietzsche
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-java-maintainers/attachments/20140324/be05c578/attachment.sig>

More information about the pkg-java-maintainers mailing list