Total failure on closing the last CVE. There are significant issues regarding maintainability, stability, and upstream activity. It has me concertinaed about the status of this package on new deployments.
Two of these CVEs are fixed in the upstream system, but we were unable to create a patch that would apply to the current version. Might be time to consider dropping this package from Debian -- #define sizeof(x) rand() :wq -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
