Marked for autoremoval on 08 January due to yarl: #945469high
Version 1.4.2-1 of slixmpp is marked for autoremoval from testing on Wed 08 Jan 2020. It depends (transitively) on yarl, affected by #945469. You should try to prevent the removal by fixing these RC bugs.
Problems while searching for a new upstream version
high
uscan had problems while searching for a new upstream version:
In watchfile debian/watch, reading webpage
https://dev.louiz.org/projects/slixmpp/files failed: 502 Bad Gateway
The URL(s) for this package had some recent persistent issueslow
DUCK reports some issues concerning upstream URLs defined for this package.
CVE-2019-1000021: slixmpp version before commit 7cd73b594e8122dddf847953fcfc85ab4d316416 contains an incorrect Access Control vulnerability in XEP-0223 plugin (Persistent Storage of Private Data via PubSub) options profile, used for the configuration of default access model that can result in all of the contacts of the victim can see private data having been published to a PEP node. This attack appears to be exploitable if the user of this library publishes any private data on PEP, the node isn't configured to be private. This vulnerability appears to have been fixed in commit 7cd73b594e8122dddf847953fcfc85ab4d316416 which is included in slixmpp 1.4.2.
Standards version of the package is outdated.
wishlist
The package should be updated to follow the last version of Debian Policy
(Standards-Version 4.4.1 instead of
4.1.3).
testing migrations
This package is part of the ongoing testing transition known as python3.8.
Please avoid uploads unrelated to this transition, they would
likely delay it and require supplementary work from the release
managers. On the other hand, if your package has problems
preventing it to migrate to testing, please fix them
as soon as possible.
You can probably find supplementary information in the
debian-release
archives or in the corresponding
release.debian.org
bug.
![[bug history graph]](https://qa.debian.org/data/bts/graphs/s/slixmpp.png){kind=link}