Problems while searching for a new upstream version
high
uscan had problems while searching for a new upstream version:
In debian/watch no matching files for watch line
http://www.jgraph.com/downloads/jgraphx/archive/ .*jgraphx-(\d+)_(\d+)_(\d+)_(\d+).zip debian debian/orig-tar.sh
Standards version of the package is outdated.
high
The package is severely out of date with respect to the Debian Policy.The package should be updated to follow the last version of Debian Policy
(Standards-Version 4.5.0 instead of
3.9.4).
This package has been
orphaned. This means that it does not have a real
maintainer at the moment. Please consider adopting this package
if you are interested in it. Please see bug number #907548 for more information.
CVE-2017-18197: In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert() is missing flags to prevent XML External Entity (XXE) attacks, as demonstrated by /ServerView.
CVE-2017-18197: In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert() is missing flags to prevent XML External Entity (XXE) attacks, as demonstrated by /ServerView.
![[bug history graph]](https://qa.debian.org/data/bts/graphs/libj/libjgraphx-java.png){kind=link}