Hello Eric, You wrote: "Linux-igd is dead code, use very old libpunp version that contains numerous security holes. Besides this version is not compatible with IPV6 as required by UPnP IGD V2 specification."
I believe you mean libupnp4 contains numerous security holes - have they been reported in Debian? That could be serious with implications beyond linux-gd and needs to be addressed immediately. I don't see any reported [1]. Are there security problems with linux-igd independent of libupnp4? It seems that the main bug is the linux-igd is not compatible with UPnP IGD V2. If that is the case, I don't think this is an RC bug (severity Grave). A "normal" severity seems more appropriate to me. Regards, Scott [1] http://bugs.debian.org/cgi-bin/pkgreport.cgi?ordering=normal;archive=0;src=libupnp4;dist=unstable;repeatmerged=0 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
