Lout 3.40 has a buffer overflow in the StringQuotedWord() function in z39.c.
Lout 3.40 has a heap-based buffer overflow in the srcnext() function in z02.c.
No revdeps, m-n, seems dead upstream based on the email thread at $URL. CCing treecleaner.
removing such a package over a triviality like this is most unethical.
(In reply to James Cloos from comment #2)
> removing such a package over a triviality like this is most unethical.