I've asked the security team to provide me feedback on my report, before pasting it in here.
The version I audited had inconsistent stack protection and fortify, and missed PIE and BIND_NOW completely. I understand those are fixed in a newer upload. The version I audited also did not have any kind of testing. Please provide some sample mspub files and compare the results of pub2xhtml against 'known good' versions in the build process so that we can have more confidence when maintaining this package in the future. Thanks -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1124082 Title: [MIR] libmspub To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libmspub/+bug/1124082/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
