Package: python3-defusedxml Version: 0.7.1-3 Tags: patch User: [email protected] Usertags: cross-satisfiability Control: affects -1 + src:oggvideotools
oggvideotools and 300 other source packages cannot satisfy their cross Build-Depends, because their transitive dependency on python3-defusedxml is not satisfiable. In general, Architecture: all packages can never satisfy cross Build-Depends unless marked Multi-Arch: foreign or annotated :native. Since python3-defusedxml is a pure Python module with no architecture-dependent dependencies of its own, it is sensible to attach the foreign marking. Please consider applying the attached patch. Helmut
diff -Nru defusedxml-0.7.1/debian/changelog defusedxml-0.7.1/debian/changelog --- defusedxml-0.7.1/debian/changelog 2024-12-08 15:01:09.000000000 +0100 +++ defusedxml-0.7.1/debian/changelog 2026-03-03 06:59:44.000000000 +0100 @@ -1,3 +1,10 @@ +defusedxml (0.7.1-3.1) UNRELEASED; urgency=medium + + * Non-maintainer upload. + * Mark python3-defusedxml Multi-Arch: foreign. (Closes: #-1) + + -- Helmut Grohne <[email protected]> Tue, 03 Mar 2026 06:59:44 +0100 + defusedxml (0.7.1-3) unstable; urgency=medium * Team upload. diff -Nru defusedxml-0.7.1/debian/control defusedxml-0.7.1/debian/control --- defusedxml-0.7.1/debian/control 2024-12-08 15:01:09.000000000 +0100 +++ defusedxml-0.7.1/debian/control 2026-03-03 06:59:42.000000000 +0100 @@ -16,6 +16,7 @@ Package: python3-defusedxml Architecture: all +Multi-Arch: foreign Depends: ${misc:Depends}, ${python3:Depends} Description: XML bomb protection for Python stdlib modules (for Python 3) The results of an attack on a vulnerable XML library can be fairly dramatic.
