Package: cabextract,evolution-ews,msn-pecan,clamav,calibre Severity: normal Tags: security
Hi, the following packages include embedded copies of libmspack: - cabextract can use the external libmspack, but it is not packaged in Debian. - evolution-ews includes a modified version of an older libmspack. - msn-pecan includes a complete copy of an older libmspack, it could probably be made to use it instead. - clamav embeds a modified version of an older libmspack. - calibre embeds a complete copy of an older libmspack, it could probably be made to use an external one instead. There may be other packages impacted. For example I found traces of it in older versions of spamassassin and OOo. I have not conducted a thorough check of the archive. This report is here to track the issue and inform the security team of its existence. If we want it fixed, someone needs to step up and package libmspack so that other packages can use it instead of embedding. Cheers, -- .''`. Josselin Mouette : :' : `. `' `- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
