Package: release.debian.org User: release.debian....@packages.debian.org Usertags: rm Severity: normal
Hi, t1lib has a significant set of security vulnerablities [0] and there is no sign of them ever getting fixed with upstream missing in action for over three years now. Because of these issues, xpdf for example has dropped support for it in favor of freetype2 [1]. poppler did this a long time ago as well. There are a few reverse dependencies, which could also be updated to use freetype instead. These include: php5 (php5-gd binary package) xdvik-ja vflib3 matita libimager-perl lablgtkmathview grace evince (libevince3 binary package) dvipng I would recommend removing t1lib from the archive. If the release team concurs with this, I will file serious bugs against the reverse dependencies. Once that's done and everyone is in concurrance, I'll send a message to the ftp masters for removal. Best wishes, Mike [0] http://security-tracker.debian.org/tracker/source-package/t1lib [1] http://www.foolabs.com/xpdf/download.html -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
