1 issue left for the package maintainer to handle:
CVE-2024-34490:
(needs triaging)
In Maxima through 5.47.0 before 51704c, the plotting facilities make use of predictable names under /tmp. Thus, the contents may be controlled by a local attacker who can create files in advance with these names. This affects, for example, plot2d.
Among the 7 debian patches
available in version 5.47.0-4 of the package,
we noticed the following issues:
7 patches
where the metadata indicates that the patch has not yet been forwarded
upstream. You should either forward the patch upstream or update the
metadata to document its real status.
Standards version of the package is outdated.
wishlist
The package should be updated to follow the last version of Debian Policy
(Standards-Version 4.7.0 instead of
4.6.0.1).