tag 637040 moreinfo kthxbye On Sun, Aug 7, 2011 at 20:36:04 -0400, Michael Gilbert wrote:
> t1lib has a significant set of security vulnerablities [0] and there > is no sign of them ever getting fixed with upstream missing in action > for over three years now. Because of these issues, xpdf for example > has dropped support for it in favor of freetype2 [1]. poppler did > this a long time ago as well. > > There are a few reverse dependencies, which could also be updated to > use freetype instead. These include: > > php5 (php5-gd binary package) > xdvik-ja > vflib3 > matita > libimager-perl > lablgtkmathview > grace > evince (libevince3 binary package) > dvipng > > I would recommend removing t1lib from the archive. If the release > team concurs with this, I will file serious bugs against the > reverse dependencies. > > Once that's done and everyone is in concurrance, I'll send a > message to the ftp masters for removal. > As said on irc, filing (non-RC for now) bugs against the reverse dependencies and providing patches as much as possible should happen prior to any removal. Tagging moreinfo for now. Cheers, Julien -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org