Public bug reported:

The new upstream version of rsyslog found in Debian unstable depends unconditionally on libestr. As a string handling library that will be used by a privileged process, this is a fairly security-sensitive library.

http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=libestr and http://people.canonical.com/~ubuntu-security/cve/universe.html show zero CVEs for this package, but as a little-known library that's only been around for 3 years, a more thorough security audit is probably needed.

The source does build cleanly with -Werror -Wall, which is a hopeful sign.

The package has no other dependencies.

** Affects: libestr (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1242561

Title:
  [MIR] libestr