Public bug reported:
Please remove sql-ledger source and binary packages from devel/yakkety
Rationale:
This should be removed from the Ubuntu archive because neither Ubuntu nor
Debian are actively maintaining this package. It is not tracking upstream -
latest upstream version is 3.2.1 and latest Debian and Ubuntu package releases
are 3.0.8. 3.2.0 was released six months ago.
It has open CVEs dating back to 2007 which "allows remote attackers to
read and overwrite arbitrary files, and execute arbitrary code".
The packaging note explicitly states that it is not receiving security
updates ("This package does not benefit from serious security support")
but the package deals with accounting and money which require a high
degree of security and trust.
$ reverse-depends sql-ledger
No reverse dependencies found
** Affects: sql-ledger (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1598308
Title:
Remove sql-ledger from devel/yakkety
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sql-ledger/+bug/1598308/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
