Bug#762690: libhibernate-validator-java: affected by CVE-2014-3558

Jonathan Wiltshire jmw at debian.org
Thu Nov 20 19:48:38 UTC 2014


On Wed, Nov 19, 2014 at 04:16:01PM +0100, Emmanuel Bourg wrote:
> Le 19/11/2014 14:49, Raphael Hertzog a écrit :
> 
> > Given it fixes an RC bug, will you check with the release team about a
> > possible exception to the freeze rules?
> > 
> > I saw you uploaded to experimental, thus I'm wondering if you were going
> > to try that anyway.
> 
> Hi Raphael,
> 
> I uploaded to experimental because the debdiff is 80k lines long and I'm
> not sure the release team is willing to consider it. I checked that
> libhibernate3-java still builds fine with this version. I'm confident
> this is a safe upgrade since libhibernate-validator-java has only one
> reverse dependency and is never used at runtime by another binary
> package. So this could go into oldstable/stable/testing but that's not
> my call.

Please open an unblock bug with all details.

-- 
Jonathan Wiltshire                                      jmw at debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-java-maintainers/attachments/20141120/7bdbe22b/attachment-0001.sig>


More information about the pkg-java-maintainers mailing list