I reviewed discount 2.2.6-1ubuntu1 as checked into hirsute. This shouldn't be considered a full audit but rather a quick gauge of maintainability.
discount is an implementation of John Gruber's Markdown markup language.

- CVE History:
  - All CVEs below are open
    CVE-2018-11468 - medium (affects only xenial and bionic)
    CVE-2018-11503 - medium (affects only xenial and bionic)
    CVE-2018-11504 - medium (affects only xenial and bionic)
    CVE-2018-12495 - low (affects only xenial and bionic)
- Build-Depends?
  - libmarkdown2, libmarkdown2-dev
- pre/post inst/rm scripts?
  - there are two .install scripts:
    - libmarkdown2-dev.install does:
      - echo mkdio.h usr/include/$DEB_HOST_MULTIARCH
      - echo libmarkdown.so usr/lib/$DEB_HOST_MULTIARCH
      - echo libmarkdown.pc usr/lib/$DEB_HOST_MULTIARCH/pkgconfig/
    - libmarkdown2.install does:
      - echo libmarkdown.so.* usr/lib/$DEB_HOST_MULTIARCH
- init scripts? None
- systemd units? None
- dbus services? None
- setuid binaries? None
- binaries in PATH?
    -rwxr-xr-x root/root 20000 2020-10-10 16:43 ./usr/bin/makepage
    -rwxr-xr-x root/root 24672 2020-10-10 16:43 ./usr/bin/markdown
    -rwxr-xr-x root/root 24160 2020-10-10 16:43 ./usr/bin/mkd2html
    -rwxr-xr-x root/root 32624 2020-10-10 16:43 ./usr/bin/theme
- sudo fragments? None
- polkit files? None
- udev rules? None
- unit tests / autopkgtests?
  - there are tests but I'm not 100% sure they run at build time.
- cron jobs?
  - none
- Build logs: None
- Processes spawned? one, but run only if it has the HAS_GIT flag. These are build utilities exec files only.
- Memory management?
  - At first glance, it is ok.
  - it uses some strcpy with some argv/argc, but the memory buffers are sized using the argv/argc. In any case, it probably needs a further look
- File IO?
  - Sounds ok
- Logging?
  - Some logs using perror
- Environment variable usage?
  - it uses MARKDOWN_FLAGS and AMALLOC_STATISTICS env variables. But that does not seem weird.
- Use of privileged functions?
  - None
- Use of cryptography / random number sources etc?
  - None
- Use of temp files?
  - None
- Use of networking?
  - None
- Use of WebKit?
  - None
- Use of PolicyKit?
  - None
- Any significant cppcheck results?
  - lots of Expression errors as in:
      sio.c:14:5: error: Expression '((*iot).size++)[((*iot).size<(*iot).alloc)?((*iot).text):((*iot).text=(*iot).text?realloc((*iot).text,sizeof(*iot).text[0]*((*iot).alloc+=100)):malloc(sizeof(*iot).text[0]*((*iot).alloc+=100)))]' depends on order of evaluation of side effects [unknownEvaluationOrder]
      EXPAND(*iot) = c;
- Any significant Coverity results?
  - Some possible NULL dereference in markdown.c 958 as p is passed without being checked.
  - same in line 996 markdown.c
- Any significant shellcheck results?
  - not that relevant.
- Any significant bandit results?
  - None

There are a few things that I believe should be addressed first to ACK it, such as re-checking the possible NULL dereferences where they were pointed out. But in general, from me it's ACK.

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-11468
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-11503
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-11504
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-12495

--
https://bugs.launchpad.net/bugs/1899213
Title: [MIR] new dependencies of lintian
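
The cppcheck unknownEvaluationOrder finding quoted in the review above, shown as an added C example that is not part of the original message and is not discount's code. The struct and function names are hypothetical; the field names (text, size, alloc) and the growth step of 100 come from the expanded expression in the report.

```c
#include <stdlib.h>

/* Hypothetical growable buffer with the fields named in the cppcheck
 * message (text, size, alloc); not discount's own type. */
typedef struct {
    char  *text;
    size_t size;   /* elements in use */
    size_t alloc;  /* elements allocated */
} charbuf;

/* Flagged shape, abridged from the expanded expression in the report:
 *     (size++)[ size < alloc ? text
 *                            : (text = realloc(text, ... (alloc += 100))) ] = c;
 * size is incremented in one operand of the subscript and read in the
 * other with no sequence point between them, and the realloc/malloc
 * result is stored and indexed without a NULL check. */

/* Sequenced rewrite: compare, grow, then store, each in its own statement.
 * Returns 0 on success, -1 if allocation fails (buffer left unchanged). */
int charbuf_append(charbuf *b, char c)
{
    if (b->size >= b->alloc) {
        size_t grown = b->alloc + 100;
        char *p = realloc(b->text, grown * sizeof b->text[0]);
        if (p == NULL)
            return -1;      /* old block is still valid and owned by b */
        b->text = p;
        b->alloc = grown;
    }
    b->text[b->size++] = c;
    return 0;
}

/* Fill a fresh buffer with n bytes; returns 1 if every byte landed in
 * order and the bookkeeping is consistent, 0 otherwise. */
int charbuf_selfcheck(size_t n)
{
    charbuf b = { NULL, 0, 0 };
    int ok = 1;
    for (size_t i = 0; ok && i < n; i++)
        if (charbuf_append(&b, (char)('a' + i % 26)) != 0) ok = 0;
    for (size_t i = 0; ok && i < n; i++)
        if (b.text[i] != (char)('a' + i % 26)) ok = 0;
    ok = ok && b.size == n && b.alloc >= n && b.alloc % 100 == 0;
    free(b.text);
    return ok;
}
```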