Severity: normal

Dear ftpmasters,

flif (source package) is affected by several unfixed upstream bugs. Some
of these bugs are security issues, in particular:

  CVE-2018-10971 (Debian bug #898406)
  CVE-2018-10972 (Debian bug #898407)
  CVE-2018-11507 (Debian bug #902188)
  CVE-2018-12109 (Debian bug #902196)

and upstream is not responsive. At the moment no packages depends on any
of the binary packages built from flif and, given the state of the
package, dependencies are to be avoided for the time being. For this
reasons, I would like flif to be removed from unstable. I uploaded a
revision to experimental to keep the package available while making it
clear that there are problems with it. The situation is explained in its

Thank you,


Reply via email to