Bug#880467: jasperreports: CVE-2017-14941, CVE-2017-5528, CVE-2017-5529
Markus Koschany
apo at debian.org
Wed Nov 1 19:42:43 UTC 2017
Short update:
One staff member told me that my options are to read the advisories,
which don't contain any detailed information or patches, or, if I have a
commercial license, to contact support. Great, let's buy a license to
get more information about security bugs.
So far the only viable option would be to upgrade to the latest upstream
release and backport that to Wheezy, Jessie and Stretch as well but I'm
not thrilled to maintain another Oracle-like Java package when it comes
to security bugs.
Markus
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-java-maintainers/attachments/20171101/67c9cb7a/attachment.sig>
More information about the pkg-java-maintainers
mailing list