Bug#780383: libopensaml2-java: CVE-2015-1796
tony mancill
tmancill at debian.org
Sat May 9 15:35:13 UTC 2015
On 05/06/2015 10:54 PM, tony mancill wrote:
> An update on this... I'm in the midst of packaging 2.6.5, but it in
> turn requires an update to libxmltooling-java to version 1.4.4, which I
> am working on now.
In an email exchange with Scott Cantor, who works on this family of
libraries upstream, he stated that the v2 libraries will be EOL this
summer, and that he would advise not to ship them in a release unless
Debian will maintain them.
Based upon that information, the low popcon, and the fact that this
cluster of packages appear to be leaf packages (I can't find r-deps for
them):
libopenws-java
libshib-common-java
libopensaml2-java
libshib-parent-project2-java
I'm not going to take action to prevent the automated removal from
testing and am considering requesting that the packages be removed from
the archive. If people are using these libraries and can make a case
for them being available in Debian, please speak up.
Cheers,
tony
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-java-maintainers/attachments/20150509/2be8679d/attachment.sig>
More information about the pkg-java-maintainers
mailing list