Package: php-phpdocx Severity: serious [Filled as an RC-bug by the maintainer to exclude package from testing]
php-phpdocx has been introduced as an owncloud dependency, but no
package depends on it anymore. Upstream does not really maintain the
community version, and does not really care about security either:
> All vendors except PHPDocX have released an update. PHPDocX states
> that the admin is responsible to validate the DOCX document and is
> considering this as won't fix.
http://owncloud.org/security/advisory/?id=oc-sa-2014-006
(about CVE-2014-2056, fixed in Debian)
There is little point to release it with Jessie, especially without
someone willing to maintain it, including security-wise (see: #748605).
Regards
David
signature.asc
Description: Digital signature
