Bug#637040: RM: t1lib/5.1.2-3

To: submit@bugs.debian.org
Subject: Bug#637040: RM: t1lib/5.1.2-3
From: Michael Gilbert <michael.s.gilbert@gmail.com>
Date: Sun, 7 Aug 2011 20:36:04 -0400
Message-id: <[🔎] 20110807203604.06212194.michael.s.gilbert@gmail.com>
Reply-to: Michael Gilbert <michael.s.gilbert@gmail.com>, 637040@bugs.debian.org

Package: release.debian.org
User: release.debian.org@packages.debian.org
Usertags: rm
Severity: normal

Hi,

t1lib has a significant set of security vulnerablities [0] and there
is no sign of them ever getting fixed with upstream missing in action
for over three years now.  Because of these issues, xpdf for example
has dropped support for it in favor of freetype2 [1].  poppler did 
this a long time ago as well.

There are a few reverse dependencies, which could also be updated to
use freetype instead.  These include:
  
  php5 (php5-gd binary package)
  xdvik-ja
  vflib3
  matita
  libimager-perl
  lablgtkmathview
  grace
  evince (libevince3 binary package)
  dvipng

I would recommend removing t1lib from the archive.  If the release
team concurs with this, I will file serious bugs against the
reverse dependencies.

Once that's done and everyone is in concurrance, I'll send a
message to the ftp masters for removal.

Best wishes,
Mike

[0] http://security-tracker.debian.org/tracker/source-package/t1lib
[1] http://www.foolabs.com/xpdf/download.html

Reply to:

Follow-Ups:
- Bug#637040: RM: t1lib/5.1.2-3
  - From: Julien Cristau <jcristau@debian.org>

Prev by Date: Bug#637020: pu: package zfsutils/8.1-5
Next by Date: NEW changes in proposedupdates
Previous by thread: Bug#637020: pu: package zfsutils/8.1-5
Next by thread: Bug#637040: RM: t1lib/5.1.2-3
Index(es):
- Date
- Thread