[MIR] libquvi
Bug #722591 reported by
Martin Pitt
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libquvi (Ubuntu) |
Fix Released
|
High
|
Unassigned |
Bug Description
o libquvi: libquvi-dev libquvi-doc libquvi0
[Reverse-
[Reverse-
TBD..
Changed in libquvi (Ubuntu): | |
assignee: | nobody → Martin Pitt (pitti) |
status: | New → Incomplete |
Changed in libquvi (Ubuntu): | |
assignee: | nobody → Kees Cook (kees) |
To post a comment you must log in.
I checked all points from https:/ /wiki.ubuntu. com/UbuntuMainI nclusionRequire ments. Noteworthy comments:
- well maintained in Debian for about a year now; package got bugs, and all of them got fixed so far
- libquvi0 is badly packaged, it has files in non SONAME specific directory /usr/share/ quvi/lua/ . I just filed a bug about this. If there is a SONAME bump, we could work around this with a Replaces:, so it's not a total blocker for MIR, but at least should be called out.
- The code doesn't use any dynamic memory allocation at all (only in the autogenerated cmdline.c, from gengetopt), and in general looks careful. I checked for some common security pitfalls, looks fine. It's not much C code anyway.