Bug#780383: libopensaml2-java: CVE-2015-1796

Moritz Muehlenhoff jmm at inutil.org
Mon Jun 29 08:25:33 UTC 2015


On Sat, May 09, 2015 at 08:35:13AM -0700, tony mancill wrote:
> On 05/06/2015 10:54 PM, tony mancill wrote:
> > An update on this...  I'm in the midst of packaging 2.6.5, but it in
> > turn requires an update to libxmltooling-java to version 1.4.4, which I
> > am working on now.
> 
> In an email exchange with Scott Cantor, who works on this family of
> libraries upstream, he stated that the v2 libraries will be EOL this
> summer, and that he would advise not to ship them in a release unless
> Debian will maintain them.
> 
> Based upon that information, the low popcon, and the fact that this
> cluster of packages appears to be leaf packages (I can't find r-deps for
> them):
> 
>  libopenws-java
>  libshib-common-java
>  libopensaml2-java
>  libshib-parent-project2-java
> 
> I'm not going to take action to prevent the automated removal from
> testing and am considering requesting that the packages be removed from
> the archive.  If people are using these libraries and can make a case
> for them being available in Debian, please speak up.

Since no one objected and since they've already been dropped from testing
for three weeks now, I'll also request removal from unstable now.

Cheers,
        Moritz


