A new upstream version is available: 0.9.5.5.src
high
A new upstream version 0.9.5.5.src is available; you should consider packaging it.
debian/patches: 3 patches with invalid metadata, 2 patches to forward upstream
high
Among the 5 debian patches available in version 0.9.1.2-11 of the package, we noticed the following issues:
3 patches with invalid metadata that ought to be fixed.
2 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.
1 issue left for the package maintainer to handle:
CVE-2019-5427 (needs triaging): c3p0 versions < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration, due to missing protections against recursive entity expansion.
Migration status for c3p0 (0.9.1.2-10.1 to 0.9.1.2-11): Waiting for test results or another package, or too young (no action required now - check later)