[Bug 1242561] Re: [MIR] libestr
Michael Terry
michael.terry at canonical.com
Mon Oct 21 13:21:05 UTC 2013
** Changed in: libestr (Ubuntu)
Assignee: (unassigned) => Jamie Strandboge (jdstrand)
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to libestr in Ubuntu.
https://bugs.launchpad.net/bugs/1242561
Title:
[MIR] libestr
Status in “libestr” package in Ubuntu:
New
Bug description:
The new upstream version of rsyslog found in Debian unstable depends
unconditionally on libestr. As a string handling library that will be
used by a privileged process, this is a fairly security-sensitive
library.
http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=libestr and
http://people.canonical.com/~ubuntu-security/cve/universe.html show
zero CVEs for this package, but as a little-known library that's only
been around for 3 years, a more thorough security audit is probably
needed. The source does build cleanly with -Werror -Wall, which is a
hopeful sign.
The package has no other dependencies.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libestr/+bug/1242561/+subscriptions
More information about the foundations-bugs
mailing list