squeeze update of axis?
Emmanuel Bourg
ebourg at apache.org
Wed Feb 18 17:29:37 UTC 2015
Hi Raphael,
I think this is a trivial update, the version of Axis hasn't changed
since Squeeze and it should be as simple as dropping the CVE-2014-3596
patch from axis/1.4-22 into the version 1.4-12 currently in Squeeze (it
also addresses CVE-2012-5784).
Emmanuel Bourg
Le 18/02/2015 18:03, Raphael Hertzog a écrit :
> Hello dear maintainer(s),
>
> the Debian LTS team would like to fix the security issues which are
> currently open in the Squeeze version of your package:
> https://security-tracker.debian.org/tracker/CVE-2014-3596
> https://security-tracker.debian.org/tracker/CVE-2012-5784
>
> Would you like to take care of this yourself? It's probably not
> too complicated since a Wheezy update happened a few months ago
> and that it's the same upstream version in both releases.
>
> If yes, please follow the workflow we have defined here:
> http://wiki.debian.org/LTS/Development
>
> If that workflow is a burden to you, feel free to just prepare an
> updated source package and send it to debian-lts at lists.debian.org
> (via a debdiff, or with an URL pointing to the the source package,
> or even with a pointer to your packaging repository), and the members
> of the LTS team will take care of the rest. Indicate clearly whether you
> have tested the updated package or not.
>
> If you don't want to take care of this update, it's not a problem, we
> will do our best with your package. Just let us know whether you would
> like to review and/or test the updated package before it gets released.
>
> Thank you very much.
>
> Raphaël Hertzog,
> on behalf of the Debian LTS team.
>
> PS: A member of the LTS team might start working on this update at
> any point in time. You can verify whether someone is registered
> on this update in this file:
> https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup
>
More information about the pkg-java-maintainers
mailing list