[Bug 1531923] Re: [MIR] lz4
Michael Terry
michael.terry at canonical.com
Mon Jan 18 17:27:49 UTC 2016
OK, I'm switching to Seth for the security look-see, because I'm 90%
sure that's what Jamie would do. :)
** Changed in: lz4 (Ubuntu)
Assignee: Jamie Strandboge (jdstrand) => Seth Arnold (seth-arnold)
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to lz4 in Ubuntu.
https://bugs.launchpad.net/bugs/1531923
Title:
[MIR] lz4
Status in lz4 package in Ubuntu:
New
Bug description:
[Availability]
OK
[Rationale]
needed for next APT release and to fix squashfs-tools depwait
[Security]
One CVE so far: http://www.cvedetails.com/product/28069/Yann-Collet-LZ4.html?vendor_id=13512
[Quality assurance]
Small compression library, should be easy to handle.
No bugs in Debian, except for a packaging wish:
https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=lz4;dist=unstable
Upstream bugs seem OK, mostly wishes and used as a TODO list:
https://github.com/Cyan4973/lz4/issues
(some small issues in the lz4 tool in liblz4-tool, but nothing really important).
[Dependencies]
Satisfiable
[Standards compliance]
seems ok
[Maintenance]
Actively maintained in debian, also used by zfs and squashfs.
Foundations is now subscribed to bugs for the package.
[Background information]
APT master has just landed support for lz4 compression using liblz4.
As such, we need liblz4-1 and -dev promoted to main for the next APT
release.
I'm posting this ahead of the APT release so we can get this change
reviewed in advance.
Also, squashfs-tools is currently in depwait on liblz4-dev.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lz4/+bug/1531923/+subscriptions
More information about the foundations-bugs
mailing list