Bug#885577: libhibernate-validator-java: CVE-2017-7536: Privilege escalation when running under the security manager
Markus Koschany
apo at debian.org
Mon Jan 8 17:03:48 UTC 2018
Hi,
Am 08.01.2018 um 17:44 schrieb Salvatore Bonaccorso:
[...]
> So the patched files exits, and similar code flow is present.
>
> I explicitly have not looked (yet) at 4.0.2.GA which is in jessie (and
> wheezy), just the 4.3.3 based versions in stable and unstable yet.
>
> What do you miss?
Oh, I was somehow under the impression all versions were the same. The
getAccessible method is not present in Wheezy/Jessie hence my
conclusion. The version in stable/unstable looks to me like we could
apply the patch.
Regards,
Markus
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-java-maintainers/attachments/20180108/dbed3cbf/attachment.sig>
More information about the pkg-java-maintainers
mailing list