A new upstream version 4.8.30 is available, you should consider packaging it.
debian/patches: 1 patch with invalid metadata, 4 patches to forward upstream
high
Among the 10 debian patches
available in version 3:4.8.29-2 of the package,
we noticed the following issues:
1 patch with
invalid metadata that ought to be fixed.
4 patches
where the metadata indicates that the patch has not yet been forwarded
upstream. You should either forward the patch upstream or update the
metadata to document its real status.
1 issue left for the package maintainer to handle:
CVE-2021-36370:
(needs triaging)
An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity.