Your message dated Tue, 15 Apr 2014 20:24:21 +0200
with message-id <534d7955.5040...@thykier.net>
and subject line Re: Bug#637040: RM: t1lib/5.1.2-3
has caused the Debian Bug report #637040,
regarding RM: t1lib/5.1.2-3
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
637040: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637040
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
User: release.debian....@packages.debian.org
Usertags: rm
Severity: normal
Hi,
t1lib has a significant set of security vulnerablities [0] and there
is no sign of them ever getting fixed with upstream missing in action
for over three years now. Because of these issues, xpdf for example
has dropped support for it in favor of freetype2 [1]. poppler did
this a long time ago as well.
There are a few reverse dependencies, which could also be updated to
use freetype instead. These include:
php5 (php5-gd binary package)
xdvik-ja
vflib3
matita
libimager-perl
lablgtkmathview
grace
evince (libevince3 binary package)
dvipng
I would recommend removing t1lib from the archive. If the release
team concurs with this, I will file serious bugs against the
reverse dependencies.
Once that's done and everyone is in concurrance, I'll send a
message to the ftp masters for removal.
Best wishes,
Mike
[0] http://security-tracker.debian.org/tracker/source-package/t1lib
[1] http://www.foolabs.com/xpdf/download.html
--- End Message ---
--- Begin Message ---
On 2011-08-08 02:36, Michael Gilbert wrote:
> Package: release.debian.org
> User: release.debian....@packages.debian.org
> Usertags: rm
> Severity: normal
>
> Hi,
>
> t1lib has a significant set of security vulnerablities [0] and there
> is no sign of them ever getting fixed with upstream missing in action
> for over three years now. Because of these issues, xpdf for example
> has dropped support for it in favor of freetype2 [1]. poppler did
> this a long time ago as well.
>
> There are a few reverse dependencies, which could also be updated to
> use freetype instead. These include:
>
> php5 (php5-gd binary package)
> xdvik-ja
> vflib3
> matita
> libimager-perl
> lablgtkmathview
> grace
> evince (libevince3 binary package)
> dvipng
>
> I would recommend removing t1lib from the archive. If the release
> team concurs with this, I will file serious bugs against the
> reverse dependencies.
>
> Once that's done and everyone is in concurrance, I'll send a
> message to the ftp masters for removal.
>
> Best wishes,
> Mike
>
> [0] http://security-tracker.debian.org/tracker/source-package/t1lib
> [1] http://www.foolabs.com/xpdf/download.html
>
>
>
As stated in #742793, we have added a removal hint for t1lib.
Accordingly, I am closing this bug.
~Niels
--- End Message ---
