-
maven (3.6.3-5ubuntu1.1) kinetic-security; urgency=medium
* SECURITY REGRESSION: Add previously incomplete CVE fix with a
secondary patch (LP: #1999254)
- debian/patches/CVE-2021-26291-*.patch: add extra missing commit to
previous CVE-2021-26291 fix.
- CVE-2021-26291
-- Nishit Majithia <email address hidden> Fri, 06 Jan 2023 09:58:52 +0530
-
maven (3.6.3-5ubuntu1) kinetic; urgency=medium
* SECURITY UPDATE: Insufficient Verification of Data Authenticity
- debian/patches/CVE-2021-26291.patch: Block HTTP repositories by default.
- CVE-2021-26291
-- Nishit Majithia <email address hidden> Tue, 16 Aug 2022 18:24:18 +0530
-
maven (3.6.3-5) unstable; urgency=medium
* Removed the rule replacing the Guice no_aop dependency in the poms
(Closes: #982466)
-- Emmanuel Bourg <email address hidden> Wed, 10 Feb 2021 15:59:15 +0100
