Package: kbuild Version: 1:0.1.9998svn3293+dfsg-2 Severity: important Tags: security
kbuild contains an embedded copy of GNU make. It is shipped as kmk_gmake. Please consider removing the embedded copy. Presently, it uses GNU make 4.2.1, which is the same version as make-dfsg, so this might be a convenience copy. Failing that, please register your copy writh the security tracker. Refer to https://wiki.debian.org/EmbeddedCodeCopies for instructions on how to do that. Given that make has previously received CVEs, getting rid of the copy is strongly preferred. Helmut

