Package: ftp.debian.org Severity: normal Dear ftpmasters,
flif (source package) is affected by several unfixed upstream bugs. Some of these bugs are security issues, in particular: CVE-2018-10971 (Debian bug #898406) CVE-2018-10972 (Debian bug #898407) CVE-2018-11507 (Debian bug #902188) CVE-2018-12109 (Debian bug #902196) and upstream is not responsive. At the moment no packages depends on any of the binary packages built from flif and, given the state of the package, dependencies are to be avoided for the time being. For this reasons, I would like flif to be removed from unstable. I uploaded a revision to experimental to keep the package available while making it clear that there are problems with it. The situation is explained in its NEWS.Debian. Thank you, Paride