> Do you have CVE numbers, BTS references or any further detail?

No, I don't believe any such processes were engaged. But examination of the actual changes shows many potentially security-relevant deltas. The tool is most commonly used in "friendly" networks to look for vulnerabilities, so this does not render it useless. But I would be surprised if it were not possible to create hostile traffic that would at the very least crash the tool, and likely subvert it.

> So, can you please let me know if you're going to backport the fixes,
> or if I should remove it from wheezy.

As I've already said repeatedly, I don't think backporting all and only the security-relevant patches is a realistic option. I could go back to the old build system while keeping the updated C sources. This would dramatically reduce the delta count, but seems silly.

--Barak.