Package: src:x11vnc
Version: 0.9.13-6
Severity: wishlist
Dear maintainer(s) of x11vnc,

I am currently working on a security audit of all VNC related packages in Debian and identified packages that partially or completely bundle libvncserver and/or libvncclient. Esp. with VNC code, people have copy+pasted code fragments into various projects and now ship custom-patched and non-security-patched versions of those code files.
For x11vnc, I discovered that the libvncserver and libvncclient shared libraries are bundled in upstream's orig tarball, but not used at build time. If that is the case, could you please drop those two folders from x11vnc with one of the next uploads?
While this is not a functionality improvement, it helps with security audits. Please consider removing the libvncclient/ and libvncserver/ folders from the x11vnc orig tarball. Thanks!
light+love
Mike Gabriel
--
DAS-NETZWERKTEAM
c\o Technik- und Ökologiezentrum Eckernförde
Mike Gabriel, Marienthaler str. 17, 24340 Eckernförde
mobile: +49 (1520) 1976 148
landline: +49 (4351) 850 8940
GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de