On 2015-02-02 23:03, Christopher Currie wrote:
Maven 3.0.4, the default on Ubuntu 12.04, has a documented security
vulnerability:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0253
The Ubuntu security team has asked the community for a debdiff that can
be applied:
https://bugs.launchpad.net/ubuntu/%2Bsource/maven/%2Bbug/1136109
Maven 3.0.5 has already been published for Trusty:
https://launchpad.net/ubuntu/+source/maven/3.0.5-1
So I'm hoping an update would not be difficult. Is there someone who can
assist getting this update applied to 12.0.4?
Hi Christopher,
Thanks for your request. Unfortunately, I am in the progress of
retiring from my Java related activities (I see I forgot about my
team-admin role on Launchpad), so I cannot give you a good answer to
your question.
Instead, you might have luck with forwarding your enquiry to
debian-java@lists.debian.org - just remember to note that the enquiry is
about Ubuntu. I believe there is a sufficient overlap between the
Debian and Ubuntu Java team for this to make sense.