Severity: normal

There's not exactly a dearth of voip programs, and rat is one that hasn't
seen an upstream release since 2003.  It's irresponsible to ship a networked
program processing untrusted data that's not maintained either upstream nor
in Debian for that long -- it's quite certain that the lack of CVEs is not
because this program is secure but because no one bothers looking.

Popcon 83 inst, 3 vote.

Reply via email to