Source: openslp-dfsg Severity: serious The last maintainer upload of openslp happened in 2007 and it's orphaned for 5.5 years now. The 1.2 branch is completely abandoned upstream. At the minimum the package should be upgraded to 2.0, but the comment at https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-5177 suggests it's completely abandoned upstream. Cheers, Moritz