Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: rm
Please, remove php-zend-xml from Jessie (it’s not in Wheezy). It’s affected by CVE-2015-5161. Even if of low impact in Jessie (since PHP is already fixed), there is little point in keeping this useless package as is (as documented in #785489, having it in stable was actually an error). The security team agrees with this approach if you are OK with it. I will follow up with a removal request from Sid once this package is removed from stable (or sooner if you prefer). Regards David
signature.asc
Description: OpenPGP digital signature
