Bug#637040: RM: t1lib/5.1.2-3
Package: release.debian.org
User: release.debian.org@packages.debian.org
Usertags: rm
Severity: normal
Hi,
t1lib has a significant set of security vulnerablities [0] and there
is no sign of them ever getting fixed with upstream missing in action
for over three years now. Because of these issues, xpdf for example
has dropped support for it in favor of freetype2 [1]. poppler did
this a long time ago as well.
There are a few reverse dependencies, which could also be updated to
use freetype instead. These include:
php5 (php5-gd binary package)
xdvik-ja
vflib3
matita
libimager-perl
lablgtkmathview
grace
evince (libevince3 binary package)
dvipng
I would recommend removing t1lib from the archive. If the release
team concurs with this, I will file serious bugs against the
reverse dependencies.
Once that's done and everyone is in concurrance, I'll send a
message to the ftp masters for removal.
Best wishes,
Mike
[0] http://security-tracker.debian.org/tracker/source-package/t1lib
[1] http://www.foolabs.com/xpdf/download.html
Reply to: