Bug#762690: libhibernate-validator-java: affected by CVE-2014-3558
Jonathan Wiltshire
jmw at debian.org
Thu Nov 20 19:48:38 UTC 2014
On Wed, Nov 19, 2014 at 04:16:01PM +0100, Emmanuel Bourg wrote:
> Le 19/11/2014 14:49, Raphael Hertzog a écrit :
>
> > Given it fixes an RC bug, will you check with the release team about a
> > possible exception to the freeze rules?
> >
> > I saw you uploaded to experimental, thus I'm wondering if you were going
> > to try that anyway.
>
> Hi Raphael,
>
> I uploaded to experimental because the debdiff is 80k lines long and I'm
> not sure the release team is willing to consider it. I checked that
> libhibernate3-java still builds fine with this version. I'm confident
> this is a safe upgrade since libhibernate-validator-java has only one
> reverse dependency and is never used at runtime by another binary
> package. So this could go into oldstable/stable/testing but that's not
> my call.
Please open an unblock bug with all details.
--
Jonathan Wiltshire jmw at debian.org
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-java-maintainers/attachments/20141120/7bdbe22b/attachment-0001.sig>
More information about the pkg-java-maintainers
mailing list