Source: rplay Version: 3.3.2-21 Severity: important The homepage URL http://rplay.doit.org/ no longer exists.
It is even the hostname rplay.doit.org that no longer exists. So there is a risk that a malicious person takes this hostname (I could not find any information about who is behind doit.org and how subdomains / hostnames are attributed) and distributes malware. Please update the homepage and the copyright file. Possibly, remove this package from Debian if upstream no longer exists. The source looks rather dubious, e.g. the use of atoi on something that looks like unsanitized data from a remote server. FYI, on my machine, librplay3 is installed just because fvwm depends on it. But I hope that it is not actually used. -- System Information: Debian Release: forky/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable-debug'), (500, 'proposed-updates-debug'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 6.7.12-amd64 (SMP w/16 CPU threads; PREEMPT) Kernel taint flags: TAINT_WARN Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled -- Vincent Lefèvre <[email protected]> - Web: <https://www.vinc17.net/> 100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/> Work: CR INRIA - computer arithmetic / Pascaline project (LIP, ENS-Lyon)
