Control: -1 reopen
Quack,
Upstream ported the patch which fixes this one-off security problem,
very well. Unfortunately this bug report is not about it, even if it was
an example of how harmful having a copy of the code is.
So it seems you don't get me right and I would encourage you to read the
Debian Policy section 4.13 about this problem. Calibre has no good
reason to borrow code from a maintained and packaged library. This
library is lightweight and does not drag any other dependency, so
upstream should not be shy about it.
I'm adding the security team so they don't miss this problem and how
this package (all versions) is affected by the libmspack security issues
(part of).
Regards.
\_o<
--
Marc Dequènes
