Re: gradle / CVE-2019-11065

To: debian-lts@lists.debian.org
Subject: Re: gradle / CVE-2019-11065
From: Brian May <bam@debian.org>
Date: Wed, 08 May 2019 16:52:12 +1000
Message-id: <[🔎] 871s198mlf.fsf@silverfish.pri>
In-reply-to: <[🔎] 86aa6bc7-2da5-734b-ab05-f3ae9085062c@debian.org>
References: <[🔎] 87a7fy90g6.fsf@silverfish.pri> <[🔎] 86aa6bc7-2da5-734b-ab05-f3ae9085062c@debian.org>

Markus Koschany <apo@debian.org> writes:

> Gradle is a Java build tool and is mainly used to build Gradle based
> packages for Debian. Since we build only with system libraries, this CVE
> is only relevant for people who use our Gradle version to build
> non-Debian packages. I assume not many people will do that. You can
> safely mark this CVE as no-dsa, minor issue.

Agreed. Will do so.
-- 
Brian May <bam@debian.org>

Reply to:

References:
- gradle / CVE-2019-11065
  - From: Brian May <brian@linuxpenguins.xyz>
- Re: gradle / CVE-2019-11065
  - From: Markus Koschany <apo@debian.org>

Prev by Date: Re: gradle / CVE-2019-11065
Next by Date: Bug#928660: hyperv-daemons matching linux-image-4.9-amd64 in jessie-security are missing
Previous by thread: Re: gradle / CVE-2019-11065
Next by thread: Re: Bug#927781: linux-image-3.16.0-8-amd64: Kernel Oops - unable to handle kernel paging request
Index(es):
- Date
- Thread