On 06/17/2012 04:11 PM, Miguel Landaeta wrote: > tags 674448 + pending > thanks > > On Thu, May 24, 2012 at 08:13:35PM +0200, Moritz Muehlenhoff wrote: >> Package: libcommons-compress-java >> Version: 1.2-1 >> Severity: grave >> Tags: security >> >> Please see https://commons.apache.org/compress/security.html >> >> Fixed in 1.4.1. This doesn't warrant a DSA, but you could fix >> it through a point update for Squeeze 6.0.6. > > This is already fixed in the svn repo. A new package will be uploaded soon.
Built and ready for upload, awaiting xz-java (new build-dep) to make it through NEW. How would the point update work for Squeeze given that there is a new build dependency that needs to be added to Squeeze as well? Once we have approval, can we simply upload both the new package and the updated libcommons-compress-java at the same time? Cheers, tony
signature.asc
Description: OpenPGP digital signature
