(Resending to the correct address list; sorry for the noise)

El 10/07/24 a las 10:41, Santiago Ruano Rinc�n escribi�:

Dear Java packaging team,

(Please CC: me when replying, I am not subscribed to the list)

According to the apache advisory of CVE-2023-51441, axis 1.x has been
EOL'ed upstream:

https://lists.apache.org/thread/8nrm5thop8f82pglx4o0jg8wmvy6d9yd

According to the comment by grid on #debian-security, I understand it is
on life support upstream, and there have been fixes for CVEs the last
years, including at least one not-unimportant. However, from the above mentioned advisory, upstream recommends to migrate to a "different SOAP engine, such as Apache Axis 2/Java."

On sid, this is the current list of build dependencies of libaxis-java:

jalview
jets3t
jglobus
starjava-datanode
starjava-dpac
starjava-topcat
starjava-ttools
starjava-vo
starjava-votable
uimaj

So my mail is just to start any discussion to see if it would be
appropriate to file bugs on the reverse dependencies, to ask the
maintainers if they could study how feasible is to migrate to another
SOAP engine.

Any thoughts?

Cheers,

-- Santiago

-----BEGIN PGP SIGNATURE-----

iHUEABYIAB0WIQR+lHTq7mkJOyB6t2Un3j1FEEiG7wUCZo6SDwAKCRAn3j1FEEiG 7294AQDg/y+QrxSSrEi4XLOw5Dy/oCrTXv/qelqln066J0mTxwEA/Ov1GhdDU3U9 K1GSddprGNixludb/jqQJUy/w7rSigs=
=xHGg
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Copy: [email protected] (=?UTF-8?Q?Santiago_Ruano_Rinc=C3=B3n?=)

This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------WZqA58qMcfkaVOpPrdPGTb2C
Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64

SGkgYWxsLA0KDQpMZSAxMC8wNy8yMDI0IMOgIDE1OjUyLCBTYW50aWFnbyBSdWFubyBSaW5j w7NuIGEgw6ljcml0wqA6DQo+IChSZXNlbmRpbmcgdG8gdGhlIGNvcnJlY3QgYWRkcmVzcyBs aXN0OyBzb3JyeSBmb3IgdGhlIG5vaXNlKQ0KPiANCj4gRWwgMTAvMDcvMjQgYSBsYXMgMTA6 NDEsIFNhbnRpYWdvIFJ1YW5vIFJpbmPDs24gZXNjcmliacOzOg0KPj4gRGVhciBKYXZhIHBh Y2thZ2luZyB0ZWFtLA0KPj4NCj4+IChQbGVhc2UgQ0M6IG1lIHdoZW4gcmVwbHlpbmcsIEkg YW0gbm90IHN1YnNjcmliZWQgdG8gdGhlIGxpc3QpDQo+Pg0KPj4gQWNjb3JkaW5nIHRvIHRo ZSBhcGFjaGUgYWR2aXNvcnkgb2YgQ1ZFLTIwMjMtNTE0NDEsIGF4aXMgMS54IGhhcyBiZWVu DQo+PiBFT0wnZWQgdXBzdHJlYW06DQo+Pg0KPj4gaHR0cHM6Ly9saXN0cy5hcGFjaGUub3Jn L3RocmVhZC84bnJtNXRob3A4ZjgycGdseDRvMGpnOHdtdnk2ZDl5ZA0KPj4NCj4+IEFjY29y ZGluZyB0byB0aGUgY29tbWVudCBieSBncmlkIG9uICNkZWJpYW4tc2VjdXJpdHksIEkgdW5k ZXJzdGFuZCBpdCBpcw0KPj4gb24gbGlmZSBzdXBwb3J0IHVwc3RyZWFtLCBhbmQgdGhlcmUg aGF2ZSBiZWVuIGZpeGVzIGZvciBDVkVzIHRoZSBsYXN0DQo+PiB5ZWFycywgaW5jbHVkaW5n IGF0IGxlYXN0IG9uZSBub3QtdW5pbXBvcnRhbnQuIEhvd2V2ZXIsIGZyb20gdGhlIGFib3Zl DQo+PiBtZW50aW9uZWQgYWR2aXNvcnksIHVwc3RyZWFtIHJlY29tbWVuZHMgdG8gbWlncmF0 ZSB0byBhICJkaWZmZXJlbnQgU09BUA0KPj4gZW5naW5lLCBzdWNoIGFzIEFwYWNoZSBBeGlz IDIvSmF2YS4iDQo+Pg0KPj4gT24gc2lkLCB0aGlzIGlzIHRoZSBjdXJyZW50IGxpc3Qgb2Yg YnVpbGQgZGVwZW5kZW5jaWVzIG9mIGxpYmF4aXMtamF2YToNCj4+DQo+PiBqYWx2aWV3DQo+ PiBqZXRzM3QNCj4+IGpnbG9idXMNCj4+IHN0YXJqYXZhLWRhdGFub2RlDQo+PiBzdGFyamF2 YS1kcGFjDQo+PiBzdGFyamF2YS10b3BjYXQNCj4+IHN0YXJqYXZhLXR0b29scw0KPj4gc3Rh cmphdmEtdm8NCj4+IHN0YXJqYXZhLXZvdGFibGUNCj4+IHVpbWFqDQo+Pg0KPj4gU28gbXkg bWFpbCBpcyBqdXN0IHRvIHN0YXJ0IGFueSBkaXNjdXNzaW9uIHRvIHNlZSBpZiBpdCB3b3Vs ZCBiZQ0KPj4gYXBwcm9wcmlhdGUgdG8gZmlsZSBidWdzIG9uIHRoZSByZXZlcnNlIGRlcGVu ZGVuY2llcywgdG8gYXNrIHRoZQ0KPj4gbWFpbnRhaW5lcnMgaWYgdGhleSBjb3VsZCBzdHVk eSBob3cgZmVhc2libGUgaXMgdG8gbWlncmF0ZSB0byBhbm90aGVyDQo+PiBTT0FQIGVuZ2lu ZS4NCj4+DQo+PiBBbnkgdGhvdWdodHM/DQoNClRoYW5rcyBmb3IgcmFpc2luZyB0aGlzIGlz c3VlLiBNeSBmaXJzdCBmZWVsaW5nIGlzIGZpbGluZyB0aGVzZSBidWcgDQpyZXBvcnRzIGlz IHNlbnNpYmxlLCB1bmNvbmRpdGlvbmFsbHkuDQoNCkJ1dCBhbHNvIEkgd29uZGVyIGlmIHdl IGhhdmUgc29tZSByZWFzb25hYmxlIGFsdGVybmF0aXZlIHRvIHN1Z2dlc3QgaW4gDQp0aGVz ZSBidWcgcmVwb3J0czoNCi0gYXhpczIgaXMgdW5wYWNrYWdlZCAoY291bGQgYmUpIGFuZCBp dHMgbGF0ZXN0IHJlbGVhc2UgaXMgMiB5ZWFycyAoKyAxIA0KZGF5KSBvbGQ7DQotIHNhYWog YW5kIGpheHdzOiBJIGNhbid0IHNheSBpZiB0aGV5IGNhbiBwcm92aWRlIGFuIGFsdGVybmF0 aXZlIHRvIHdoYXQgDQpheGlzIGRvZXMuIFBlcmhhcHMgc29tZSBwZW9wbGUgdGhlcmUgaGF2 ZSBhbiBvcGluaW9uPw0KLSBBcGFjaGUgQ1hGLCB1bnBhY2thZ2VkIGFzIG9mIG5vdyBidXQg c2VlbXMgdG8gYmUgYWN0aXZlbHkgbWFpbnRhaW5lZD8NCi0gc29tZXRoaW5nIGVsc2U/DQoN CkRvIG90aGVycyBpbiB0aGUgdGVhbSBoYXZlIHNvbWUgaWRlYXM/DQoNCj4+DQo+PiBDaGVl cnMsDQo+Pg0KPj4gICAtLSBTYW50aWFnbw0KPiANCj4gDQoNCkJlc3QsDQoNCi0tIA0KUGll cnJlDQo=

--------------WZqA58qMcfkaVOpPrdPGTb2C--

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEM8soQxPpC9J9y0UjYAMWptwndHYFAmaTzsUACgkQYAMWptwn dHbn9g//Rg3CwbJncoWnGdVXYVMzN3D3dZOlJsiluyKHvF6DE5SSDVAnpj2iQ0iJ isPQ4w4iGEVGltQj3cbG4fWwhnZ6heVnleLn8zoW60E4i9JcFGXo3MwOiPR8fZMc LpbqUsHnHp6RoiKP9/YlVavNOIkA5SChl5FPG8vKeSbiOZ+IjZys/YkdlKOIQF2T pxjW5Xf4NmDwa/Eaf+LzHAM1rlGNfeIA8fdYKjGADqFSgaZiYaM9w20jsxYZs8OU tzFtuqRHHAjKAgBF6SIqLajN+zqABZvFCFhkWdiRVH+lOx5d1ZxDochpYjLsXoTr RYZydj+4I8NXEhd+E95xmPxfA/mpoyNMRA6FcrtJ3lzpStHS3jqts8RkfpMihY3R 5mDezlUZIt1ZTSLF8ldBYrGoFLrCgCjiYXxQz0UEY1fGxMaYJU1209nQpSFUQcqg WLdPEGksCyUMuw96Ul45greVFZegVmHJoVY/0mgrGWjoSzpA8RkyN4n1hntNSL1I Cu6wylmLoew2OZb+XIfGgD0TIxmCd0PyU4ZEkcZlBmFccv0Gu1nOL3Nh+gqDhFR4 fvS//+fBjlvlcmycC7v7AaU9/1eG4LAMgYYMXvXlmtq+/9coyQK4VV0durgDNWXr RbZqzOQGgxjD1LSgU7wE+NohIxh+r+zviw4JmifduJ1yUWMrb+c=
=b5JK
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)