On Mon, Feb 2, 2015 at 3:26 PM, Emmanuel Bourg <ebo...@apache.org> wrote:
> Le 02/02/2015 23:55, Christopher Currie a écrit : > > > Greetings, debian-java. Is this the correct place to ask for help with > > Ubuntu packages? > > Hi Christopher, > > Most Java packages are shared between Debian and Ubuntu, so we should be > able to help. > > CVE-2013-0253 was fixed 2 years ago in libwagon2-java/2.2-3+nmu1 for > Debian. I see trusty has the version 2.5-1, so you are safe. > Thanks; the issue is that I would like to see that CVE fixed for precise. It looks like precise doesn't have libwagon2-java, only libwagon-java. Has anyone worked with the Ubuntu security team, and can say whether they'd allow a *new* package to be added, to fix a security issue? -- Christopher Currie Engineering, Usermind <http://www.usermind.com> codemon...@usermind.com 206.353.2867 x109
