[Secure-testing-team] Bug#497225: gnome-alsamixer: Dead upstream package without maintainer bug fixes is security risk

Osamu Aoki osamu at debian.org
Sun Aug 31 02:20:55 UTC 2008 

Package: gnome-alsamixer
Version: 0.9.7~cvs.20060916.ds.1-2
Severity: grave
Tags: security
Justification: user security hole

I am filing this bug to discuss removal of this package from leny.

1. The upstream is dead.
   Last release 2006-08-06 (CVS)
   Current Gnome distribution does not include this software.
2. gnome-alsamixer does not identify new hardwares correctly.
   I have HDA Intel but gnome-alsamixer show it as Sigmatel ....
3. The better alsa mixer support functionality is in GNOME-Applets.
   New gnome-volume-control does better job.
4. No dependency requireis this package in lenny.
5. There are 2 bugs marked upstream.
   The maintainer did not look into these bugs. 
   (I think one of it is just warning, so it may be OK ...)

I know current maintainer took effort for lenny:
 http://packages.qa.debian.org/g/gnome-alsamixer.html

I think having unmaintained package our archive with no added benefits
is bad idea for security review.

If my asessment is wrong, maintainer can close this bug.

But I think it is time to request removal.

(Or maintainer to upload transition package and hint it to
debian-release to include it to lenny)

Thans for your work and best regards,

Osamu

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages gnome-alsamixer depends on:
ii  gconf2                     2.22.0-1      GNOME configuration database syste
ii  libart-2.0-2               2.3.20-2      Library of functions for 2D graphi
ii  libasound2                 1.0.16-2      ALSA library
ii  libatk1.0-0                1.22.0-1      The ATK accessibility toolkit
ii  libbonobo2-0               2.22.0-1      Bonobo CORBA interfaces library
ii  libbonoboui2-0             2.22.0-1      The Bonobo UI library
ii  libc6                      2.7-13        GNU C Library: Shared libraries
ii  libcairo2                  1.6.4-6       The Cairo 2D vector graphics libra
ii  libgconf2-4                2.22.0-1      GNOME configuration database syste
ii  libglib2.0-0               2.16.5-1      The GLib library of C routines
ii  libgnome2-0                2.20.1.1-1    The GNOME 2 library - runtime file
ii  libgnomecanvas2-0          2.20.1.1-1    A powerful object-oriented display
ii  libgnomeui-0               2.20.1.1-1    The GNOME 2 libraries (User Interf
ii  libgnomevfs2-0             1:2.22.0-4    GNOME Virtual File System (runtime
ii  libgtk2.0-0                2.12.11-3     The GTK+ graphical user interface 
ii  libice6                    2:1.0.4-1     X11 Inter-Client Exchange library
ii  liborbit2                  1:2.14.13-0.1 libraries for ORBit2 - a CORBA ORB
ii  libpango1.0-0              1.20.5-2      Layout and rendering of internatio
ii  libpopt0                   1.14-4        lib for parsing cmdline parameters
ii  libsm6                     2:1.0.3-2     X11 Session Management library

gnome-alsamixer recommends no packages.

gnome-alsamixer suggests no packages.

-- no debconf information

More information about the Secure-testing-team mailing list