Hello,

I believe we should mark guacamole-client as end-of-life in Stretch but I would like to hear your opinion too. Guacamole in Stretch is a five-year-old web application with four open CVEs. Upstream recommends upgrading to the latest 1.4.0 release and does not provide further details about specific patches. I have checked the debdiff between 1.3.0 and 1.4.0 and it contains several files which could be related to CVE-2021-41767, for example. Since guacamole-client is also not a very popular package and not part of Buster or Bullseye, I suggest marking it EOL.

Comments?
Regards, Markus