Bug#760733: libspring-java: CVE-2014-0225

Raphael Hertzog hertzog at debian.org
Wed Nov 26 10:45:58 UTC 2014


Hello Stephen,

On Mon, 08 Sep 2014, Stephen Nelson wrote:
> > For what it's worth, CVE-2014-3578 was assigned to a directory traversal
> > vulnerability in libspring-java
> > (http://www.pivotal.io/security/cve-2014-3578)
>
> Thanks for letting us know about this one. I've had a quick look and it
> might be more difficult to fix given that there hasn't been a specific
> commit made in a later version of Spring which could be backported.
> However, I will look into this in more detail and report back to the BTS
> for this bug.

I haven't seen any followup yet. Do you still plan to do the required
investigation?

This bug is one of Jessie's remaining release critical bugs so it would
be nice if there could be some progress. (Of course, packaging a new
upstream version can also be considered by release team members
if backporting is too much work.)

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/



More information about the pkg-java-maintainers mailing list