Stefan Fritsch skrev: > There are several security issues likely unfixed in ez publish (though > it is not clear since the debian version is much older than the > versions mentioned in the CVEs). There hasn't been a maintainer > upload of ezpublish in 4.5 years. It has a RC bug open since for 4 > months. It should be removed from the archive.
None of the CVE's mentioned apply to eZ Publish 2.x as 3.0 was a complete rewrite from the ground up. But I do agree with you that the package should be dropped, as the software is so old that it isn't even tracked for CVE's. I just haven't found time to figure out the correct procedure to drop a package from the archive. If you do, then take this as my official approval as package maintainer for dropping the package completely from Debian. Regards, - Jonas -- * Jonas Smedegaard - idealist og Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ - Enden er nær: http://www.shibumi.org/eoti.htm
signature.asc
Description: OpenPGP digital signature
