2018-09-07 23:44:08 +0200, Rene Engelhard: [...] > I don't buy this: The autopkgtest of exactly the version you report it > against: [...]
Hi Rene, I can reproduce on a different system. The evidences can also be found in the source: See https://sources.debian.org/src/libnumbertext/1.0-2/debian/libnumbertext-tools.install/ moving spellout from bin to lib https://sources.debian.org/src/libnumbertext/1.0-2/debian/libnumbertext-data.install/ putting data files in usr/share/libnumbertext while https://sources.debian.org/src/libnumbertext/1.0-2/src/spellout.cxx/#L13 expects them /usr/share/numbertext Also https://sources.debian.org/src/libnumbertext/1.0-2/src/spellout.cxx/#L40 for the current directory being searched first (the security vulnerability). I suppose the test tests at build time, (and may be why the tool also looks in a "data" subdirectory of the current directory as there's one such directory in the source tree), so doesn't try and look for the data file in their final destination (/usr/share/numbertext != /usr/share/libnumbertext). -- Stephane
