Bug#885577: libhibernate-validator-java: CVE-2017-7536: Privilege escalation when running under the security manager

Markus Koschany apo at debian.org
Mon Jan 8 15:01:17 UTC 2018


On 08.01.2018 at 13:32, Abhijith PA wrote:
> Hello. :)
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=1465573#c24 says it affects
> all 5.x versions. But Debian hasn't shipped this version yet. And
> upstream patched files don't exist in 4.3.3 (version in Debian sid).
> So could you please elaborate on how your research found 4.3.3 affected?

Hello,

I also had a look at this bug yesterday and I came to the same
conclusion. The upstream patch doesn't work for the 4.x branch. I am not
sure if we are affected at all.

Regards,

Markus
