** Description changed: The new nfs-utils in Debian adds dependencies on libtirpc and rpcbind for IPv6. One is a network-sensitive library and the other is a network server, so I guess we'll want some careful review. + Please do not process this MIR until we have a new libtirpc in Debian + dropping the build-dep on libgss-dev. == libtirpc == * Availability: Package is in universe, synced from Debian * Rationale: Dependency of rpcbind which is required for IPv6 support * Security: ** No CVE: http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=tirpc ** 2 old (2008) secunia advisories: http://secunia.com/advisories/product/17898/?task=advisories (fixed by upstream) ** Ubuntu CVE tracker: none ** SUID/SGID binaries: none ** Executables in sbin: none ** Daemons: none * QA: ** Just a library with two binary packages (one for the lib and one -dev), no debconf question or configuration. ** No bug in Ubuntu: https://launchpad.net/ubuntu/+source/libtirpc/+bugs ** No critical bugs in Debian: http://bugs.debian.org/cgi-bin/pkgreport.cgi?repeatmerged=no&src=libtirpc ** Package is maintained in Debian though not very active (last upload in December, moved to testing in February) - ** Build-depends on universe package "libgss-dev" which seems useless and should be dropped - *** A rebuild without the build-depend worked fine - *** Output of ldd is identical - *** Output of strings is identical + ** Currently Build-depends on universe package "libgss-dev" but isn't necessary. Next Debian upload will drop it. + + == rpcbind == + * Availability: Package is in universe, synced from Debian. + * Rationale: Replacement of portmap as a nfs-utils build-depend required for IPv6 support. + * Security: + ** No CVE that seem to target the current code base: http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=tirpc + ** No secunia advisories: http://secunia.com/search/?search=rpcbind + ** Ubuntu CVE tracker: none + ** SUID/SGID binaries: none + ** Executables in sbin: /sbin/rpcbind (the daemon) and /usr/sbin/rpcinfo (a client) + ** Daemons: rpcbind (sysvinit script, probably to be converted to upstart similar to what was done for portmap) + * QA: + ** No debconf question, one config file in /etc (/etc/insserv.conf.d/rpcbind) but no user changes required + ** No critical bugs in Ubuntu: https://launchpad.net/ubuntu/+source/rpcbind/+bugs + ** No critical bugs in Debian: http://bugs.debian.org/cgi-bin/pkgreport.cgi?repeatmerged=no&src=rpcbind + ** Package is maintained in Debian, last upload in March. + ** Depends and build-depends on libtirpc (see MIR above)
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/781516 Title: [MIR] libtirpc, rpcbind -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
