On 23/08/2018 13:14, Markus Koschany wrote: > Apparently upstream doesn't consider this "to be their problem". Since > simple-xml has no reverse-dependencies and the current uploader is MIA, > I think we should consider requesting the removal of simple-xml.
simple-xml is a dependency of carrotsearch-randomizedtesting. The fix should be trivial, it's just a matter of disabling external entities parsing on the underlying XML parser. And maybe we've already fixed the XML parser used by default. Emmanuel Bourg __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
