Source: voms-api-java
Version: 3.0.5-2
Severity: important

Dear maintainer,

voms-api-java fails to build from source with the current version of bouncycastle in experimental. We intend to upload this version to unstable this weekend due to a serious security vulnerability in version 1.49 and earlier versions of the bouncycastle crypto libraries.

I saw that you also maintain voms-api-java for Fedora. Fedora uses an even newer version of bouncycastle and the Fedora and Debian packages appear to be identical otherwise. So in theory your package should work with the newer BC version too.

Upstream seems to work on a new release which will be based on BC 1.52.

https://github.com/italiangrid/voms-api-java/issues/17

Another option might be to temporarily disable the tests since they appear to be the root cause for the build failures.

Regards,

Markus

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.2.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: unable to detect