
Re: gradle / CVE-2019-11065


On 07.05.19 at 09:40, Brian May wrote:
> Looking at Gradle in Jessie it looks like it has a number of http://
> URLs instead of https:// URLs that look dicey.
> There is this upstream patch that looks like it might be important and
> also is missing from Jessie:
> https://github.com/gradle/gradle/commit/b2b9606975bfe98418aef731b1fa006a03fde7d4
> I have a suspicion all these references may not updating (or at least
> the not commented ones):


Gradle is a Java build tool and is mainly used to build Gradle-based
packages for Debian. Since we build only with system libraries, this CVE
is only relevant for people who use our Gradle version to build
non-Debian packages. I assume not many people will do that. You can
safely mark this CVE as no-dsa, minor issue.


