Hi, torrentflux recently had several vulnerabilities due to not properly sanitizing user input [1,2]. I think this is a candidate for an audit or/and exclusion from etch. Does anyone have time for an audit? Cheers, Stefan [1] http://security-tracker.debian.net/tracker/source-package/torrentflux [2] After a quick check, I found an issue with the ''announce'' parameter in maketorrent.php. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20061118/aa643b26/attachment.pgp