WordPress probably uses its own version which, I assume, they will maintain afterwards.
I'll see if I can find more about what they're doing with it for the longer term. The easiest way for me is to just drop the depends. - Craig On Sat, 8 Dec. 2018, 02:06 Salvatore Bonaccorso <car...@debian.org wrote: > Control: severity -1 serious > > As mentioned in > https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.27 the 5.2 > branch is deprecated and will not recieve security updates anymore > after 31st December 2018. > > This is not an issue per se, as we usually need to backport fixes to > older versions in general for bugfixes but in particular for > security-fixes; but starting buster with a know deprecated and not > supported version given upstream actively develops on the 6.x branch > looks somehow problematic for the buster release cycle. > > For this concern, I'm raising the severity to RC. > > there are a couple of packages with Depends or Build-Depends on > libphp-phpmailer, and I'm X-Debbugs-CC'ing those here. > > # Broken Depends: > cacti: cacti > tt-rss: tt-rss > wordpress: wordpress > > # Broken Build-Depends: > wordpress: libphp-phpmailer (>= 5.2.14) > > Regards, > Salvatore >