[Bug 1242561] Re: [MIR] libestr
Jeremy Bicha
jeremy at bicha.net
Sat Apr 7 18:47:43 UTC 2018
libestr has been in main for a while so I'm closing this bug.
** Changed in: libestr (Ubuntu)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to libestr in Ubuntu.
https://bugs.launchpad.net/bugs/1242561
Title:
[MIR] libestr
Status in libestr package in Ubuntu:
Fix Released
Bug description:
The new upstream version of rsyslog found in Debian unstable depends
unconditionally on libestr. As a string handling library that will be
used by a privileged process, this is a fairly security-sensitive
library.
http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=libestr and
http://people.canonical.com/~ubuntu-security/cve/universe.html show
zero CVEs for this package, but as a little-known library that's only
been around for 3 years, a more thorough security audit is probably
needed. The source does build cleanly with -Werror -Wall, which is a
hopeful sign.
The package has no other dependencies.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libestr/+bug/1242561/+subscriptions
More information about the foundations-bugs
mailing list