Bug#893663: freeplane: CVE-2018-1000069 XXE vulnerability
Felix Natter
fnatter at gmx.net
Sat Apr 14 08:46:49 BST 2018
Sébastien Delafond <seb at debian.org> writes:
> On Apr/10, Felix Natter wrote:
>> Yes and no. On jessie the patch did not cleanly apply, so I would have
>> had to apply that change manually. Since removing the import has no
>> effect on the semantics of the program (as long as it still compiles),
>> I was too lazy. It should be ok.
>
> Let's leave it then.
>
> For further contributions, however, please make sure you cleanly
> retrofit any patch that doesn't apply as-is: this will reduce the
> overhead and questions when reviewing on our side.
Ok, sure, I will do!
>> May I ask why the full source must be included?
>
> Because they will be new on security-master.
Ah, thanks for the explanation.
Cheers and Best Regards,
--
Felix Natter
debian/rules!
More information about the pkg-java-maintainers
mailing list