Le 09/12/2017 à 23:29, Moritz Mühlenhoff a écrit :

> I'd say let's kick it out, then. We have a build dependency (and run time
> dependencies) on libspring-java, can we axe it out there?

jasperreports is just a build dependency of some unused parts of
libspring-java. No application in Debian needs it at run time. So these
vulnerabilities can be safely ignored in the stable releases.

Emmanuel Bourg

This is the maintainer address of Debian's Java team
Please use
debian-j...@lists.debian.org for discussions and questions.

Reply via email to