Hi,

On 07.05.19 at 09:40, Brian May wrote:
> Looking at Gradle in Jessie it looks like it has a number of http://
> URLs instead of https:// URLs that look dicey.
>
> There is this upstream patch that looks like it might be important and
> also is missing from Jessie:
>
> https://github.com/gradle/gradle/commit/b2b9606975bfe98418aef731b1fa006a03fde7d4
>
> I have a suspicion all these references may not updating (or at least
> the not commented ones):
[...]

Gradle is a Java build tool and is mainly used to build Gradle-based packages for Debian. Since we build only with system libraries, this CVE is only relevant for people who use our Gradle version to build non-Debian packages. I assume not many people will do that. You can safely mark this CVE as no-dsa, minor issue.

Regards,

Markus