On 08.08.12 Silvio Cesare (silvio.cesare@gmail.com) wrote: Hi Silvio, > Package: luatex > Severity: important > Tags: security > > I have been working on a tool called Clonewise to automatically > identify embedded code copies in Debian packages and determine if > they are out of date and vulnerable. Ideally, embedding code and > libraries should be avoided and a system wide library should be > used instead. > I've no clue how your tool works. Yes, we ship a few of libs sources in the luatex source package, but not all of them are build, hence not used used. Especially for poppler we use the shared poppler lib packaged in Debian. Could you double check, if this a false positivee? Hilmar -- sigmentation fault
Attachment:
signature.asc
Description: Digital signature