[Secure-testing-team] Embedded libsilc copy in silc-client (was: Bits from the Testing Security team)
Jérémy Bobbio
lunar at debian.org
Sun Oct 14 22:09:35 UTC 2007
On Sun, Oct 14, 2007 at 11:38:35PM +0200, Stefan Fritsch wrote:
> Embedded code copies
> --------------------
>
> There are a number of packages including source code from external
> libraries, for example poppler is included in xpdf, kpdf and others. To
> ensure that we don't miss any vulnerabilities in packages that do so we
> maintain a list[6] of embedded code copies in Debian. It is preferable
> that you do not embed copies of code in your packages, but instead link
> against packages that already exist in the archive. Please contact us
> about any missing items you know about.
The silc-client package uses an embedded copy of the silc-toolkit
(libsilc and libsilcclient). It is currently required to build
irssi-plugin-silc which apparently can't use system-wide libraries.
I really doubt that this could not be solved, but no one has been able
to put the necessary efforts into it until now.
And congrats for all the work in providing a more secure Debian! :)
Cheers,
--
Jérémy Bobbio .''`.
lunar at debian.org : :Ⓐ : # apt-get install anarchism
`. `'`
`-
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20071015/8056e49b/attachment.pgp
More information about the Secure-testing-team
mailing list