--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: cabextract, evolution-ews, msn-pecan, clamav, calibre: Embedded code copies of libmspack
- From: Josselin Mouette <joss@debian.org>
- Date: Sat, 12 Nov 2011 13:27:04 +0100
- Message-id: <20111112122703.GA32725@malsain.org>
Package: cabextract,evolution-ews,msn-pecan,clamav,calibre
Severity: normal
Tags: security
Hi,
the following packages include embedded copies of libmspack:
- cabextract can use the external libmspack, but it is not packaged in
Debian.
- evolution-ews includes a modified version of an older libmspack.
- msn-pecan includes a complete copy of an older libmspack, it could
probably be made to use it instead.
- clamav embeds a modified version of an older libmspack.
- calibre embeds a complete copy of an older libmspack, it could
probably be made to use an external one instead.
There may be other packages impacted. For example I found traces of it
in older versions of spamassassin and OOo. I have not conducted a
thorough check of the archive.
This report is here to track the issue and inform the security team of
its existence. If we want it fixed, someone needs to step up and package
libmspack so that other packages can use it instead of embedding.
Cheers,
--
.''`. Josselin Mouette
: :' :
`. `'
`-
--- End Message ---