Bug#808257: libnsbmp: Should libnsbmp be removed from Debian?
Control: clone -1 -2 Control: reassign -2 ftp.debian.org Control: severity -2 normal Control: retitle -2 'RM: libnsbmp -- RoQA; unused library package, unmaintained, has security issues' On Thu, Dec 17, 2015 at 09:43:18PM +0100, Raphaël Hertzog wrote: > Hello, > > libnsbmp has not seen a maintainer upload ever since its addition to > Debian in 2009. > > Recently two CVE [1] have been reported against this package and I wonder > why we have this package in Debian at all. > > [1] https://security-tracker.debian.org/tracker/source-package/libnsbmp > > There are no reverse dependencies, maybe netsurf used this library at some > point but that seems to no longer be the case. > > If you agree with me please clone this bug against ftp.debian.org and > retitle it as "RM: libnsbmp -- ROM; unused library package". > > In the mean time I file this as severity serious so that the package gets > dropped from testing given its unmaintained state. I think we should do that now, it has been removed from testing for a while and we have done similarly for libnsgif already. Regards, Salvatore
Processed: Re: Bug#808257: libnsbmp: Should libnsbmp be removed from Debian?
Processing control commands: > clone -1 -2 Bug #808257 [src:libnsbmp] libnsbmp: Should libnsbmp be removed from Debian? Bug 808257 cloned as bug 819983 > reassign -2 ftp.debian.org Bug #819983 [src:libnsbmp] libnsbmp: Should libnsbmp be removed from Debian? Bug reassigned from package 'src:libnsbmp' to 'ftp.debian.org'. Ignoring request to alter found versions of bug #819983 to the same values previously set Ignoring request to alter fixed versions of bug #819983 to the same values previously set > severity -2 normal Bug #819983 [ftp.debian.org] libnsbmp: Should libnsbmp be removed from Debian? Severity set to 'normal' from 'serious' > retitle -2 'RM: libnsbmp -- RoQA; unused library package, unmaintained, has > security issues' Bug #819983 [ftp.debian.org] libnsbmp: Should libnsbmp be removed from Debian? Changed Bug title to ''RM: libnsbmp -- RoQA; unused library package, unmaintained, has security issues'' from 'libnsbmp: Should libnsbmp be removed from Debian?'. -- 808257: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808257 819983: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819983 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#808257: libnsbmp: Should libnsbmp be removed from Debian?
Source: libnsbmp Severity: serious Hello, libnsbmp has not seen a maintainer upload ever since its addition to Debian in 2009. Recently two CVE [1] have been reported against this package and I wonder why we have this package in Debian at all. [1] https://security-tracker.debian.org/tracker/source-package/libnsbmp There are no reverse dependencies, maybe netsurf used this library at some point but that seems to no longer be the case. If you agree with me please clone this bug against ftp.debian.org and retitle it as "RM: libnsbmp -- ROM; unused library package". In the mean time I file this as severity serious so that the package gets dropped from testing given its unmaintained state. Thank you! -- System Information: Debian Release: stretch/sid APT prefers squeeze-lts APT policy: (500, 'squeeze-lts'), (500, 'oldoldstable'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.2.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)