Control: reassign -1 src:wagon2
Control: tags -1 + patch

Hi,

The email does not appear to have reached the BTS, so I am resending it (and quoting it in full).

~Niels

On 2013-03-15 04:49, Arnaud Fontaine wrote:
> Control: reassign -1 src:wagon2
> Control: tags -1 + patch
>
> Hello,
>
> This security issue is actually affecting libwagon2-java as, besides
> build improvements, maven 3.0.5 only bumps wagon2 version from 2.2 to
> 2.4 (should maven be rebuilt when a fixed version has been
> uploaded?). Therefore, I'm reassigning this issue to wagon2 instead.
>
> According to [0], it is recommended to upgrade to Maven Wagon 2.4;
> however, this is not really possible as the new version requires (at
> least, when testing by changing the required version, I got more
> dependency errors later on) libmaven-parent-java >= 23, which is not
> available in the archive. Moreover, there are many unrelated changes, so
> the only solution is probably to backport the patches. The issue on
> Maven Wagon BTS seems to be:
>
> https://jira.codehaus.org/browse/WAGON-385
>
> And the patches (quite small indeed):
>
> https://git-wip-us.apache.org/repos/asf?p=maven-wagon.git;a=commit;h=2f7bb33852cbb9ddb4e1abaa37f282b67bf72af5
> https://git-wip-us.apache.org/repos/asf?p=maven-wagon.git;a=commit;h=b5a0839e312345499c811b6eff8f9029118ca8d5
>
> As I don't know anything about Maven (I'm just hunting RC bugs ;-)),
> could you please confirm that these patches fix this issue? I can later
> NMU if it helps.
>
> Also, there seem to have been several other bug fixes (including
> security-related ones), not sure if they are really critical, just
> pointing out what I have found so far while checking git history from
> Maven Wagon 2.2 to 2.4:
>
> https://git-wip-us.apache.org/repos/asf?p=maven-wagon.git;a=commit;h=f1298163ebb9f72c618c69140f6b47c7ad6c32e5
> https://git-wip-us.apache.org/repos/asf?p=maven-wagon.git;a=commit;h=31a5772aeffa38ed50355ad488f741cf48c4960a
> https://git-wip-us.apache.org/repos/asf?p=maven-wagon.git;a=commit;h=d95189d00ab1e7ac79bd5b9f7d20525c2776a6a2
> https://git-wip-us.apache.org/repos/asf?p=maven-wagon.git;a=commit;h=6b664d691c9a0fec8a09b77a0f57c1945691db8a
> https://git-wip-us.apache.org/repos/asf?p=maven-wagon.git;a=commit;h=81c5ebb0efc4c9803a32fa81d390dc60da8905ac
>
> Cheers,