I have patches for libitext-java and libitext5-java. There are only two remaining packages now:
voms-api-java jenkins-instance-identity The tests in voms-api-java fail and according to https://github.com/italiangrid/voms-api-java/issues/17 a new version was planned for September which would have been based on bouncycastle 1.52. Unfortunately it hasn't been released yet. The Debian maintainer for voms-api-java also maintains the package in Fedora and I wonder why it works for Fedora but not for Debian. Both use the same patches and the same upstream version and Fedora even uses Bouncycastle 1.52. http://pkgs.fedoraproject.org/cgit/voms-api-java.git/ I think the upload of BC 1.51 is still more important due to the security vulnerability and we should file severity serious bugs for both packages. If there are no objections, I will take care of the bouncycastle upload this weekend and upload the fixed packages as well. Markus
signature.asc
Description: OpenPGP digital signature
