Control: clone -1 -2
Control: reassign -2 ftp.debian.org
Control: severity -2 normal
Control: retitle -2 'RM: libnsbmp -- RoQA; unused library package, unmaintained, has security issues'

On Thu, Dec 17, 2015 at 09:43:18PM +0100, Raphaël Hertzog wrote:
> Hello,
>
> libnsbmp has not seen a maintainer upload ever since its addition to
> Debian in 2009.
>
> Recently two CVE [1] have been reported against this package and I wonder
> why we have this package in Debian at all.
>
> [1] https://security-tracker.debian.org/tracker/source-package/libnsbmp
>
> There are no reverse dependencies, maybe netsurf used this library at some
> point but that seems to no longer be the case.
>
> If you agree with me please clone this bug against ftp.debian.org and
> retitle it as "RM: libnsbmp -- ROM; unused library package".
>
> In the mean time I file this as severity serious so that the package gets
> dropped from testing given its unmaintained state.

I think we should do that now, it has been removed from testing for a
while and we have done similarly for libnsgif already.

Regards,
Salvatore