On Wed, Aug 8, 2012 at 5:37 PM, Hilmar Preusse <email@example.com>
On 08.08.12 Silvio Cesare (firstname.lastname@example.org) wrote:
> Package: luatex
> Severity: important
> Tags: security
> I have been working on a tool called Clonewise to automatically
> identify embedded code copies in Debian packages and determine if
> they are out of date and vulnerable. Ideally, embedding code and
> libraries should be avoided and a system wide library should be
> used instead.
I've no clue how your tool works. Yes, we ship a few lib sources
in the luatex source package, but not all of them are built, hence
not used. Especially for poppler we use the shared poppler lib
packaged in Debian.
Could you double check if this is a false positive?