Version 1:10.0.0-3 of heat is marked for autoremoval from testing on Tue 28 Aug 2018. It is affected by #903868. The removal of heat will also cause the removal of (transitive) reverse dependency: openstack-meta-packages. You should try to prevent the removal by fixing these RC bugs.
CVE-2016-9185: In OpenStack Heat, by launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration. Affected versions are <=5.0.3, >=6.0.0 <=6.1.0, and ==7.0.0.
CVE-2015-5295: The template-validate command in OpenStack Orchestration API (Heat) before 2015.1.3 (kilo) and 5.0.x before 5.0.1 (liberty) allows remote authenticated users to cause a denial of service (memory consumption) or determine the existence of local files via the resource type in a template, as demonstrated by file:///dev/zero.
Please fix them.
Standards version of the package is outdated.
wishlist
The package should be updated to follow the last version of Debian Policy
(Standards-Version 4.2.0 instead of
4.1.3).
![[bug history graph]](https://qa.debian.org/data/bts/graphs/h/heat.png){kind=link}