Source: ncmpc Version: 0.27-1 Severity: important I inted to salvage ncmpc into the mpd team.
Over the last four years, this package has seen one NMU and one regular upload, both introducing new upstream versions. Since then, upstream has released six new versions, fixing crashes and other bugs: https://raw.githubusercontent.com/MusicPlayerDaemon/ncmpc/v0.33/NEWS For over eight months, ncmpc has a security bug open #894724 / CVE-2018-9240. The bug reporter provided a patch for the version of ncmpc in Debian, and Upstream released a fixed version a few days later in April 2018. However there was no reaction from the package maintainer, and the version currently in unstable remains affected. In #902699 frequent segfaults are reported; the upstream author comments that the issue has already been fixed in a new upstream version; no reaction from the maintainer for over five months. None of the new bugs reports of the last 12 months has received communications from the package maintainer. An interested New Maintainer prepared a package update on salsa and tried to contact the ncmpc maintainer several times to offer help, but got no answer. In accordance with the package salvaging process as outlined in https://www.debian.org/doc/manuals/developers-reference/ch05.en.html#idm1880, this bug is open for comments and objections for 21 days, after which I am going to do a take-over for the mpd team and upload ncmpc to DELAYED/7. Florian
