On Fri, 13 Jan 2017 17:14:29 +0100 =?UTF-8?B?QsOhbGludCBSw6ljemV5?= <bal...@balintreczey.hu> wrote: > Package: debian-security-support > Version: 2016.05.24~deb7u1 > Severity: normal > > While fixing security bugs in ming I raised my concerns about the > general code quality and the lack of proper input sanitization at > numerous places in the code [1] > > Upstream seems to be dead [2] and the package has already been removed > from jessie and later releases [3]. > > I believe the proper move would be listing the package as unsupported > since there are many potential vulnerabilities are left in the code > even after fixing the known ones.
It seems active again, see: https://github.com/libming/libming/issues/62 https://github.com/libming/libming/issues/70 https://github.com/libming/libming/commits/master Given the above I would rather still support this for the remaining lifetime of wheezy, unless we find again at some point that it's really unsupportable. Cheers, Emilio
