Bug#1057315: tiles: CVE-2023-49735
Salvatore Bonaccorso
carnil at debian.org
Sun Dec 3 19:59:22 GMT 2023
Control: clone -1 -2 -3
Control: retitle -2 tiles: Add README.Debian.security to document support status
Control: reassign -3 src:debian-security-support
Control: retitle -3 Mark tiles as only supported for building applications shipped in Debian
Hi,
On Sun, Dec 03, 2023 at 03:35:31PM +0100, Markus Koschany wrote:
> Am Sonntag, dem 03.12.2023 um 15:10 +0100 schrieb Moritz Muehlenhoff:
> > > But maybe we can set it as "no-dsa", is it only used as build
> > > dependency for libspring-java and not sensible outside?
> >
> > Spring is already marked as unsupported, so we can simply extend that.
>
> +1 This is sensible in this case.
Ok your both reasoning make sense.
So adding a README.Debian.security on a next upload to clarify the
situation for only beeing supported for building applications shipped
in Debian.
And then as well a debian-security-support entry.
Cloning and reassigning accordingly two bugs.
Regards,
Salvatore
More information about the pkg-java-maintainers
mailing list