Bug#760733: libspring-java: CVE-2014-0225
Emmanuel Bourg
ebourg at apache.org
Wed Nov 26 11:40:37 UTC 2014
I've been investigating this issue as well. I contacted an upstream
developer and it seems the actual fix for this issue is unknown. The
version 3.2.0 was just reported as not vulnerable by the security
researched who discovered this issue.
I can prepare an upgrade to the latest 3.2.x version but this will at
least require libhibernate-validator-java to be unblocked as well.
Emmanuel Bourg
More information about the pkg-java-maintainers
mailing list