vcswatch reports that
this package seems to have a new changelog entry (version
2.1.2.1-6, distribution
UNRELEASED) and new commits
in its VCS. You should consider whether it's time to make
an upload.
1 issue left for the package maintainer to handle:
CVE-2022-3433:
(needs triaging)
The aeson library is not safe to use to consume untrusted JSON input. A remote user could abuse this flaw to produce a hash collision in the underlying unordered-containers library by sending specially crafted JSON data, resulting in a denial of service.
Among the 4 debian patches
available in version 2.1.2.1-5 of the package,
we noticed the following issues:
3 patches
where the metadata indicates that the patch has not yet been forwarded
upstream. You should either forward the patch upstream or update the
metadata to document its real status.