Bug#1025910: libcommons-net-java: CVE-2021-37533
tony mancill
tmancill at debian.org
Tue Dec 27 19:35:21 GMT 2022
On Tue, Dec 27, 2022 at 07:55:52PM +0100, Markus Koschany wrote:
> Hello tony,
>
>
> Am Dienstag, dem 27.12.2022 um 08:40 -0800 schrieb tony mancill:
> > On Sun, Dec 11, 2022 at 09:02:16PM +0100, Salvatore Bonaccorso wrote:
> > > Source: libcommons-net-java
> > > Version: 3.6-1
> > > Severity: important
> > > Tags: security upstream
> > > Forwarded: https://issues.apache.org/jira/browse/NET-711
> > > X-Debbugs-Cc: carnil at debian.org, Debian Security Team
> > > <team at security.debian.org>
> >
> > I see that there has been an upload of 3.9.0 on 2022-12-26.
> >
> > I'm just noting here that I prepared a 3.9.0 package locally but hadn't
> > uploaded it yet because several of the build r-deps failed to compile.
> > (Maybe I was just doing it wrong, but we may see some FTBFS.)
>
> I noticed two FTBFS of wagon and nrepl-clojure. Both of them seemed unrelated
> to me. I guess they will be fixed eventually. Everything else built fine. Sorry
> for the double work.
Hey Markus,
No problem with the double-work. I could have (and should have) claimed
the bug as an owner.
I double-checked that I could run ratt against 3.6.0 successfully, but
not against 3.9.0, but the reason for the build failure wasn't clear to
me either. (My initial impression was that we're missing some transitive
includes because we don't have org.apache.ftpserver:ftpserver-core, but
I haven't followed up on it yet.)
Best regards, and *thank you* for handling the update!
tony
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-maintainers/attachments/20221227/84a1d165/attachment.sig>
More information about the pkg-java-maintainers
mailing list