Package: httpdirfs Version: 1.2.4-1 Severity: serious Tags: security X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>
Package: httpdirfs Version: 1.2.4-2 Depends: ..., libubsan1 (>= 8), ... This is a bad idea not only due to slower execution, but might even introduce vulnerabilities: https://www.openwall.com/lists/oss-security/2016/02/17/9 While there are safe usages of ubsan, httpdirfs being the only package in the archive that uses ubsan but not asan is something that sounds wrong and underreviewed.