I reviewed libebur128 1.2.6-1build1 as checked into questing. This shouldn't be considered a full audit but rather a quick gauge of maintainability.
libebur128 is a library that implements the EBU R128 loudness standard.

- CVE History
  - none
- Build-Depends
  - debhelper (main)
  - cmake (main)
  - pkgconf (main)
- pre/post inst/rm scripts
  - none
- init scripts
  - none
- systemd units
  - none
- dbus services
  - none
- setuid binaries
  - none
- binaries in PATH
  - none
- sudo fragments
  - none
- polkit files
  - none
- udev rules
  - none
- unit tests / autopkgtests
  - not running tests when building.
  - no autopkgtests
- cron jobs
  - none
- Build logs
  - looks fine

- Processes spawned
  - none
- Memory management
  - We found a possible memory leak
- File IO
  - only in tests
- Logging
  - none
- Environment variable usage
  - none
- Use of privileged functions
  - none
- Use of cryptography / random number sources etc
  - none
- Use of temp files
  - none
- Use of networking
  - none
- Use of WebKit
  - none
- Use of PolicyKit
  - none

- Any significant cppcheck results
  - looks fine
- Any significant Coverity results
  - none
- Any significant shellcheck results
  - none
- Any significant bandit results
  - none
- Any significant govulncheck results
  - none
- Any significant Semgrep results
  - none

Upstream does not have a SECURITY.md file on their GitHub page.
Upstream has a couple of unattended open issues on their GitHub page.
Can we make the tests run at build time?

Security team ACK for promoting libebur128 to main.

--
https://bugs.launchpad.net/bugs/2118381

Title:
  [MIR] libebur128
