[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

EOL guacamole-client in Stretch



Hello,

I believe we should mark guacamole-client as end-of-life in Stretch but I would
like to hear your opinion too. Guacamole in Stretch is a five year old web
application with four open CVE. Upstream recommends to upgrade to the latest
1.4.0 release and does not provide further details about specific patches. I
have checked the debdiff between 1.3.0 and 1.4.0 and it contains several files
which could be related to CVE-2021-41767 for example. Since guacamole-client is
also not a very popular package and not part of Buster or Bullseye, I suggest
to mark it EOL. Comments?

Regards,

Markus

Attachment: signature.asc
Description: This is a digitally signed message part


Reply to: