Bug#758086: security update of commons-httpclient?

Raphael Hertzog hertzog at debian.org
Tue Feb 24 14:21:52 UTC 2015


Hello dear maintainer(s),

the Debian LTS team would like to fix the security issues which are
currently open in the Squeeze version of your commons-httpclient:
https://security-tracker.debian.org/tracker/CVE-2012-6153

It would be nice if you could take care of this update as
the package is not high enough on our priority list and
we seem to never manage to find the time.

And the same seems to apply for the stable security team
since this issue is still open in all releases despite
a friendly ping from Moritz last december.

Yet the package seems to be relatively important in the java world since
it's a reverse dependency of quite a few other packages...

So it would be nice to have some action going. I don't want
to raise the severity to "serious" at this point of the release but it's
not good for Debian to leave security issues unattended for so long.
So can someone take the responsibility to provide fixed packages
for our releases?

I have included Alberto Fernández Martínez in copy since he's the last
person having uploaded the package in... 2012!

Thank you in advance!

Raphaël Hertzog,
  on behalf of the Debian LTS team.

PS: If you want to handle the upload to squeeze-lts by yourself, please
follow the instructions here:
http://wiki.debian.org/LTS/Development
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/



More information about the pkg-java-maintainers mailing list