Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Please unblock package carrotsearch-randomizedtesting We would like to remove simple-xml from Buster (#888547) because the package is unmaintained and affected by CVE-2017-1000190. In order to achieve that the build-dependency on simple-xml in carrotsearch-randomizedtesting had to be removed. unblock carrotsearch-randomizedtesting/2.1.17-2 -- System Information: Debian Release: buster/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-8-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: unable to detect
diff -Nru carrotsearch-randomizedtesting-2.1.17/debian/changelog carrotsearch-randomizedtesting-2.1.17/debian/changelog --- carrotsearch-randomizedtesting-2.1.17/debian/changelog 2016-10-04 14:12:44.000000000 +0200 +++ carrotsearch-randomizedtesting-2.1.17/debian/changelog 2019-04-17 00:14:54.000000000 +0200 @@ -1,3 +1,18 @@ +carrotsearch-randomizedtesting (2.1.17-2) unstable; urgency=medium + + * Team upload. + + [ Hilko Bengen ] + * Remove myself from Uploaders + + [ Markus Koschany ] + * Remove libsimple-xml-java from B-D so this package can be removed from + Testing. + * Ignore org.simpleframework:simple-xml + * Ignore junit4-ant module. + + -- Markus Koschany <a...@debian.org> Wed, 17 Apr 2019 00:14:54 +0200 + carrotsearch-randomizedtesting (2.1.17-1) unstable; urgency=medium * Team upload. diff -Nru carrotsearch-randomizedtesting-2.1.17/debian/control carrotsearch-randomizedtesting-2.1.17/debian/control --- carrotsearch-randomizedtesting-2.1.17/debian/control 2016-10-04 13:58:22.000000000 +0200 +++ carrotsearch-randomizedtesting-2.1.17/debian/control 2019-04-17 00:14:54.000000000 +0200 @@ -2,7 +2,6 @@ Section: java Priority: optional Maintainer: Debian Java maintainers <pkg-java-maintain...@lists.alioth.debian.org> -Uploaders: Hilko Bengen <ben...@debian.org> Build-Depends: debhelper (>= 9), default-jdk, @@ -20,7 +19,6 @@ libmaven-dependency-plugin-java, libmaven-invoker-plugin-java, libmaven-plugin-tools-java (>= 3.2), - libsimple-xml-java (>> 2.7.1), maven Standards-Version: 3.9.8 Vcs-Git: https://anonscm.debian.org/git/pkg-java/carrotsearch-randomizedtesting.git diff -Nru carrotsearch-randomizedtesting-2.1.17/debian/libcarrotsearch-randomizedtesting-java.poms carrotsearch-randomizedtesting-2.1.17/debian/libcarrotsearch-randomizedtesting-java.poms --- carrotsearch-randomizedtesting-2.1.17/debian/libcarrotsearch-randomizedtesting-java.poms 2016-10-04 14:09:15.000000000 +0200 +++ carrotsearch-randomizedtesting-2.1.17/debian/libcarrotsearch-randomizedtesting-java.poms 2019-04-17 00:14:54.000000000 +0200 @@ -27,7 +27,7 @@ # pom.xml --no-parent --has-package-version randomized-runner/pom.xml --has-package-version -junit4-ant/pom.xml --has-package-version +junit4-ant/pom.xml --ignore junit4-maven-plugin/pom.xml --ignore junit4-maven-plugin-tests/pom.xml --ignore examples/maven/pom.xml --ignore diff -Nru carrotsearch-randomizedtesting-2.1.17/debian/maven.ignoreRules carrotsearch-randomizedtesting-2.1.17/debian/maven.ignoreRules --- carrotsearch-randomizedtesting-2.1.17/debian/maven.ignoreRules 2016-10-04 14:09:15.000000000 +0200 +++ carrotsearch-randomizedtesting-2.1.17/debian/maven.ignoreRules 2019-04-17 00:14:54.000000000 +0200 @@ -6,3 +6,4 @@ com.pyx4me proguard-maven-plugin * * * * net.sf.proguard proguard * * * * org.easytesting fest-assert-core * * * * +org.simpleframework simple-xml * * * *