Bug#888547: CVE-2017-1000190
Markus Koschany
apo at debian.org
Sun Apr 14 22:27:12 BST 2019
Hi,
Am 13.04.19 um 11:31 schrieb Ivo De Decker:
[...]
> It is possible to remove the test-dependency (probably by disabling the
> tests)? That way simple-xml could be removed from buster. Even if we don't do
> this for buster, it might be good to do this for bullseye anyway, if the
> package isn't really maintained.
Simple-xml is only required to build carrotsearch-randomizedtesting. It
is not a test-dependency though. However I have just disabled the only
module in carrotsearch-randomizedtesting that uses simple-xml, which is
junit4-ant.
If we do that then lucene4.10 will FTBFS but it requires only a simple
patch to tell the build system not to look for the now missing
junit4-ant dependency. Apparently the removal makes no difference for
lucene4.10. I can implement those changes in the coming days.
Regards,
Markus
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-maintainers/attachments/20190414/5394942d/attachment-0001.sig>
More information about the pkg-java-maintainers
mailing list