Hi, adding the security team to the loop :) On Montag, 22. September 2014, Raphael Hertzog wrote: > while going through the list of open CVE in oldstable I stumbled upon two > issues concerning axis2c: > https://security-tracker.debian.org/tracker/source-package/axis2c > > None of those issues are fixed upstream and they are also not fixed > in unstable. It looks like the software is mostly dead upstream with > no new releases for years. > > Shall we declare that axis2c is no longer supportable on squeeze? > > If yes, what's the way to do that, opening a bug report against > debian-security-support? (IIRC we used to drop the package > from the release entirely during point releases but this > is not possible here). cheers, Holger
Attachment:
signature.asc
Description: This is a digitally signed message part.