Package: albert
Version: 1:0.4.10-4
Severity: important
Tags: security

Albert uses an embedded and vulnerable version of the expat library for XML parsing. At a minimum, http://security-tracker.debian.org/tracker/CVE-2009-3720 is present in albert from having a quick review of the relevant source. I have not investigated the impact of this vulnerability in relation to albert or how it would be triggered. I imagine the impact is quite low because the outstanding vulnerabilities in expat are denial of service issues. The desired outcome is that albert dynamically link against the system expat library instead of linking in the embedded copy.