Lintian reports
4 errors
and
421 warnings
about this package. You should make the package lintian clean getting rid of them.
The package has not entered testing even though the delay is over
normal
The package has not entered testing even though the 2-day delay is over.Check why.
debian/patches: 16 patches to forward upstream
low
Among the 17 debian patches
available in version 9.3.0+dfsg1-7 of the package,
we noticed the following issues:
16 patches
where the metadata indicates that the patch has not yet been forwarded
upstream. You should either forward the patch upstream or update the
metadata to document its real status.
Standards version of the package is outdated.
wishlist
The package should be updated to follow the last version of Debian Policy
(Standards-Version 4.7.2 instead of
4.6.2).
CVE-2021-42521:
There is a NULL pointer dereference vulnerability in VTK before 9.2.5, and it lies in IO/Infovis/vtkXMLTreeReader.cxx. The vendor didn't check the return value of libxml2 API 'xmlDocGetRootElement', and try to dereference it. It is unsafe as the return value can be NULL and that NULL pointer dereference may crash the application.
Migration status for vtk9 (9.3.0+dfsg1-4 to 9.3.0+dfsg1-7): BLOCKED: Cannot migrate due to another item, which is blocked (please check which dependencies are stuck)