Re: Security issue in groovy<2.5.0
Thorsten Glaser <t.glaser@tarent.de> writes:
> On Sat, 26 Aug 2017, Felix Natter wrote:
hi Thorsten,
>> OTOH, this is for Debian unstable/testing...
>
> Debian unstable is where you upload things to that you expect
> to be part of the next Debian stable, and thus in an appropriate
> shape; it might make sense for experimental though?
This post is about considering to patch groovy-2.4 to fix a sandbox
escape in that version, which the groovy people did not want to patch in
2.4.x, but it will be part of 2.5.x.
I meant that we might consider using the patch on Debian
testing/unstable, because unlike upstream groovy 2.4.x it won't be used
in a stable environment soon (i.e. until 2.5.0 is released). Of course,
this might neglect Ubuntu releases.
Best Regards,
--
Felix Natter
debian/rules!
Reply to: