Package: sabnzbdplus Version: 3.1.1+dfsg-2+deb11u1 Severity: important Dear Maintainer,
according to their github homepage their is a security flaw, enabling a dependency to write outside of the configuration of the package. regards chris -- System Information: Debian Release: 11.5 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 5.10.0-19-amd64 (SMP w/4 CPU threads) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages sabnzbdplus depends on: ii init-system-helpers 1.60 ii libjs-bootstrap 3.4.1+dfsg-2 ii libjs-jquery 3.5.1+dfsg+~3.5.5-7 ii libjs-jquery-ui 1.12.1+dfsg-8+deb11u1 ii libjs-moment 2.29.1+ds-2+deb11u2 ii lsb-base 11.1.0 ii par2 0.8.1-1 ii python3 3.9.2-3 ii python3-chardet 4.0.0-1 ii python3-cheetah 3.2.6-1+b1 ii python3-cherrypy3 8.9.1-8 ii python3-configobj 5.0.6-4 ii python3-cryptography 3.3.2-1 ii python3-feedparser 5.2.1-3 ii python3-portend 2.6-1 ii python3-sabyenc 4.0.2-1+b2 ii python3-six 1.16.0-2 ii unrar 1:6.0.3-1+deb11u1 Versions of packages sabnzbdplus recommends: ii libavahi-compat-libdnssd1 0.8-5+deb11u1 ii p7zip-full 16.02+dfsg-8 ii python3-dbus 1.2.16-5 ii python3-notify2 0.3-4 ii unzip 6.0-26+deb11u1 sabnzbdplus suggests no packages. -- no debconf information