On Wed, Nov 26, 2014 at 12:40:37PM +0100, Emmanuel Bourg wrote:
> I've been investigating this issue as well. I contacted an upstream
> developer and it seems the actual fix for this issue is unknown. The
> version 3.2.0 was just reported as not vulnerable by the security
> researcher who discovered this issue.
>
> I can prepare an upgrade to the latest 3.2.x version but this will at
> least require libhibernate-validator-java to be unblocked as well.

I didn't look into the specific issue, but Red Hat Bugzilla has references to isolated patches?
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0225

Cheers,
Moritz