Package: h2o Version: 2.2.5+dfsg2-7 Severity: important X-Debbugs-Cc: demioben...@gmail.com
Dear Maintainer, Upstream H2O no longer makes releases (https://github.com/h2o/h2o/3230) and the tagged releases are therefore EOL and do not get security patches anymore. This means that there might be upstream vulnerabilities that affect Debian's H2O package. I recommend either dropping H2O from Debian altogether or basing the package directly on upstream git master. The latter might or might not be suitable for Debian in light of the stability guarantees Debian provides. -- System Information: Debian Release: 12.10 APT prefers stable-security APT policy: (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 6.12.21-1.qubes.fc37.x86_64 (SMP w/2 CPU threads; PREEMPT) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
