Le 03/02/2015 19:06, Christopher Currie a écrit : > Thanks; the issue is that I would like to see that CVE fixed for > precise. It looks like precise doesn't have libwagon2-java, only > libwagon-java. Has anyone worked with the Ubuntu security team, and can > say whether they'd allow a *new* package to be added, to fix a security > issue?
If precise doesn't have libwagon2-java you are probably safe. The description of CVE-2013-0253 states that wagon was vulnerable starting with the version 2.1. And looking at the patch for wagon 2 [1], none of the code modified exists in wagon 1. Emmanuel Bourg [1] https://sources.debian.net/src/wagon2/2.2-3%2Bnmu1/debian/patches/cve-2013-0253.patch/ -- To UNSUBSCRIBE, email to debian-java-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/54d1121b.3040...@apache.org
