[pkg-php-pear] Bug#756581: Not fit for Jessie
David Prévot
taffit at debian.org
Thu Jul 31 04:41:25 UTC 2014
Package: php-phpdocx
Severity: serious
[Filled as an RC-bug by the maintainer to exclude package from testing]
php-phpdocx has been introduced as an owncloud dependency, but no
package depends on it anymore. Upstream does not really maintain the
community version, and does not really care about security either:
> All vendors except PHPDocX have released an update. PHPDocX states
> that the admin is responsible to validate the DOCX document and is
> considering this as won't fix.
http://owncloud.org/security/advisory/?id=oc-sa-2014-006
(about CVE-2014-2056, fixed in Debian)
There is little point to release it with Jessie, especially without
someone willing to maintain it, including security-wise (see: #748605).
Regards
David
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-php-pear/attachments/20140731/330e27a1/attachment.sig>
More information about the pkg-php-pear
mailing list