[Secure-testing-team] Bug#648508: cabextract, evolution-ews, msn-pecan, clamav, calibre: Embedded code copies of libmspack
Josselin Mouette
joss at debian.org
Sat Nov 12 12:27:04 UTC 2011
Package: cabextract,evolution-ews,msn-pecan,clamav,calibre
Severity: normal
Tags: security
Hi,
the following packages include embedded copies of libmspack:
- cabextract can use the external libmspack, but it is not packaged in
Debian.
- evolution-ews includes a modified version of an older libmspack.
- msn-pecan includes a complete copy of an older libmspack, it could
probably be made to use it instead.
- clamav embeds a modified version of an older libmspack.
- calibre embeds a complete copy of an older libmspack, it could
probably be made to use an external one instead.
There may be other packages impacted. For example I found traces of it
in older versions of spamassassin and OOo. I have not conducted a
thorough check of the archive.
This report is here to track the issue and inform the security team of
its existence. If we want it fixed, someone needs to step up and package
libmspack so that other packages can use it instead of embedding.
Cheers,
--
.''`. Josselin Mouette
: :' :
`. `'
`-
More information about the Secure-testing-team
mailing list