[MIR] libtrio
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libtrio (Ubuntu) | Invalid | High | Ubuntu Security Team | | |
Bug Description
[Availability]
libtrio is already available in Universe and builds for all supported architectures in Wily.
[Rationale]
libtrio is needed by the current version of Ghostscript (9.16), which is an essential part of the printing stack in Main. Ghostscript contains copies of all libraries it needs, but we want to use the libraries from the system's packages so as not to duplicate source code, which makes security updates more difficult and wastes space.
[Security]
No open or solved security issues or CVEs found.
This is a standard library package consisting of a binary package for the library itself and a -dev package. The files contained are only the usual *.so*, *.a, and *.h files, no SUID, SGID, /usr/sbin/*, daemons, does not listen on any port.
[Quality assurance]
Simple, straight library package, no direct user interaction, no UI or GUI, contains only the usual *.so*, *.a, and *.h files. API is documented in the -dev package.
No debconf questions asked during install.
Only one Ubuntu bug, no open Debian bugs.
Package is maintained, there are regular package uploads. Upstream version is the current one.
watch file is included.
[Dependencies]
Nothing special, only standard build tools which are in Main.
[Standards compliance]
Library package packaged following the standards for libraries. No UI/GUI.
[Maintenance]
Regular uploads by the package maintainer. Current package upstream version is the actually current upstream version.
[Background information]
Package is an improved replacement for printf(), used by current Ghostscript.
Package is in Main in Debian.
Changed in libtrio (Ubuntu):
importance: Undecided → High
This looks mostly OK from a packaging point of view. Has nice symbols files, runs tests, no delta, etc.
- Bug 1371782 should be fixed, eh?
- It needs a team bug subscriber.
- It needs a security lookover. A printf replacement library screams 'buffer overflows' to me.