Bug#863811: CVE-2017-5637
Moritz Mühlenhoff
jmm at inutil.org
Thu Jun 1 16:31:25 UTC 2017
On Thu, Jun 01, 2017 at 08:17:21AM -0700, tony mancill wrote:
> On Wed, May 31, 2017 at 02:45:18PM +0200, Moritz Muehlenhoff wrote:
> > Source: zookeeper
> > Severity: grave
> > Tags: security
> >
> > Please see https://issues.apache.org/jira/browse/ZOOKEEPER-2693
> >
> > Fix is referenced here: https://github.com/apache/zookeeper/pull/183
> >
> > I'm also attaching the debdiff I'll be using for jessie for reference.
>
> Hello Moritz,
>
> Thank you (as always) for your work on security. I can prepare the
> upload to unstable. Do you have a recommendation for how we should
> approach the fix in stretch given the timing of the release? Should the
> upload perhaps be prepared for stretch-security?
I think it's best if you prepare a 3.4.9-3 upload with only the security
fix and ask for an unblock by filing a bug against release.debian.org
Cheers,
Moritz
More information about the pkg-java-maintainers
mailing list