Bug#952683: snakeyaml: CVE-2017-18640
Salvatore Bonaccorso
carnil at debian.org
Thu Mar 26 06:49:53 GMT 2020
Hello Tony,
On Wed, Mar 25, 2020 at 10:04:47PM -0700, tony mancill wrote:
> Hello Salvatore,
>
> On Sat, Feb 29, 2020 at 09:17:50PM +0100, Salvatore Bonaccorso wrote:
> > > The upstream issue has been marked as resolved and the links to the
> > > proposed resolution returns a 404. I agree that we should have an issue
> > > open in the tracker, but I don't see how this is actionable at this
> > > time.
> >
> > *sigh*. When I filled the bug I'm pretty sure the referenced commit
> > *was* not resulting in a 404 :(
> >
> > Please have a look at
> >
> > https://bitbucket.org/asomov/snakeyaml/commits/da11ddbd91c1f8392ea932b37fa48110fa54ed8c
> >
> > That is again the respective commit. Looks upstream did convert the
> > reposiitory.
>
> Thank you for tracking this down and please excuse my delay in
> responding. I have just uploaded an updated source package to the
> archive.
Welcome and don't worry :)
Thanks for the upload!
Regards,
Salvatore
More information about the pkg-java-maintainers
mailing list