Package: src:x11vnc
Version: 0.9.13-6
Severity: wishlist

Dear maintainer(s) of x11vnc,

I am currently working on a security audit of all VNC-related packages in Debian and identified packages that partially or completely bundle libvncserver and/or libvncclient. Especially with VNC code, people have copy+pasted code fragments into various projects and now ship custom-patched and non-security-patched versions of those code files.

For x11vnc, I discovered that the libvncserver and libvncclient shared libraries are bundled in upstream's orig tarball, but not used at build time. If that is the case, could you please drop those two folders from x11vnc with one of the next uploads?

While this is not a functionality improvement, it helps with security audits. Please consider removing the libvncclient/ and libvncserver/ folders from the x11vnc orig tarball. Thanks!

light+love
Mike Gabriel


--

DAS-NETZWERKTEAM
c\o Technik- und Ökologiezentrum Eckernförde
Mike Gabriel, Marienthaler str. 17, 24340 Eckernförde
mobile: +49 (1520) 1976 148
landline: +49 (4351) 850 8940

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de
