[Bug 1242561] Re: [MIR] libestr
Michael Terry
michael.terry at canonical.com
Mon Dec 2 10:02:57 UTC 2013
Approved. From a packaging side, things seem OK. Bug subscriber, no
important bugs, small delta (just a version bump). I share Seth's
concerns that this really needs tests. But if Seth ACKs, that's enough
for me.
We have actually pushed a patch for DEP8 tests on to Debian (bug
1117222). So hopefully that can start a Debian-side test suite.
** Changed in: libestr (Ubuntu)
Status: New => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to libestr in Ubuntu.
https://bugs.launchpad.net/bugs/1242561
Title:
[MIR] libestr
Status in “libestr” package in Ubuntu:
Fix Committed
Bug description:
The new upstream version of rsyslog found in Debian unstable depends
unconditionally on libestr. As a string handling library that will be
used by a privileged process, this is a fairly security-sensitive
library.
http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=libestr and
http://people.canonical.com/~ubuntu-security/cve/universe.html show
zero CVEs for this package, but as a little-known library that's only
been around for 3 years, a more thorough security audit is probably
needed. The source does build cleanly with -Werror -Wall, which is a
hopeful sign.
The package has no other dependencies.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libestr/+bug/1242561/+subscriptions
More information about the foundations-bugs
mailing list