Hi Markus, On Tue, Apr 11, 2017 at 02:18:14PM +0000, Debian Bug Tracking System wrote: > Processing control commands: > > > merge 860068 860069 860070 860071 > Bug #860068 [src:tomcat8] tomcat8: CVE-2017-5647 > Bug #860069 [src:tomcat8] tomcat8: CVE-2017-5648 > Marked as found in versions tomcat8/8.5.11-1. > Bug #860068 [src:tomcat8] tomcat8: CVE-2017-5647 > Marked as found in versions tomcat8/8.5.11-1. > Bug #860071 [src:tomcat8] tomcat8: CVE-2017-5651 > Marked as found in versions tomcat8/8.0.14-1. > Bug #860070 [src:tomcat8] tomcat8: CVE-2017-5650 > Marked as found in versions tomcat8/8.0.14-1. > Merged 860068 860069 860070 860071
Why the merge? I was a exlicit choice to open 4 bugs due to the different CVE's and different affected versions (note that two affect 8.0.14-1 and two only 8.5.11-1 but not the version in jessie). Regards, Salvatore

