Package: trn Version: 3.6-24 Severity: grave Tags: security upstream Justification: user security hole
Hi, I am the maintainer for trn, and have seen evidence that it's not safe to use with untrusted input (e.g. usenet). Further, I've asked and no-one wants to work on its rather elderly code-base, whereas trn4 still gets at least some love. So, we should remove trn3; I'll file more bugs about that in due course. Regards, Matthew -- System Information: Debian Release: 7.11 APT prefers oldstable-updates APT policy: (500, 'oldstable-updates'), (500, 'oldstable') Architecture: i386 (i686) Kernel: Linux 3.2.0-4-686-pae (SMP w/4 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages trn depends on: ii debconf 1.5.49 ii inn2-inews [inews] 2.5.3-3 ii libc6 2.13-38+deb7u11 ii libncurses5 5.9-10 ii libtinfo5 5.9-10 Versions of packages trn recommends: ii exim4-daemon-heavy [mail-transport-agent] 4.80-7+deb7u3 Versions of packages trn suggests: ii ispell 3.3.02-6 -- debconf information: shared/news/server:
