[Bug 1976405] Re: [MIR] libntlm

Brian Murray 1976405 at bugs.launchpad.net
Wed Aug 31 20:32:13 UTC 2022 

What is the mutt task here for?

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to mutt in Ubuntu.
https://bugs.launchpad.net/bugs/1976405

Title:
  [MIR] libntlm

Status in libntlm package in Ubuntu:
  Fix Released
Status in mutt package in Ubuntu:
  New

Bug description:
  [Summary]
  * Due to the nature of the package (an authentication library) it should
  be reviewed by the security team before promotion
  * build log: https://launchpad.net/ubuntu/+source/libntlm/1.6-4/+build/22298428

  [Availability]
  * The package is already in Ubuntu universe.
  * The package build for the architectures it is designed to work on.

  [Rationale]
  *This MIR is transitive for an MIR of gsasl. It is needed to resolve
  a component mismatch for mutt

  [Security]
  * CVE-2019-17455 was fixed and is the only CVE listed for this package
  * No `suid` or `sgid` binaries
  * No executables in `/sbin` and `/usr/sbin`
  * Package does not install services, timers or recurring jobs
  * Packages does not open privileged ports (ports < 1024)
  * Due to the nature of the package (an authentication library) it should
  be reviewed by the security team before promotion

  [Quality assurance - function/usage]
  * The package works well right after install

  [Quality assurance - maintenance]
  * The package is maintained well in Debian/Ubuntu and has not too many
   and long term critical bugs open
  * The package does not deal with exotic hardware we cannot support

  [Quality assurance - testing]
  * The package runs a test suite on build time, if it fails
  it makes the build fail
  * The package runs an autopkgtest, and is currently passing
  * The package does have not failing autopkgtests right now

  [Quality assurance - packaging]
  * debian/watch is present and works
  * debian/control defines a correct Maintainer field
  * This package does not yield massive lintian Warnings, Errors
  * Full output of `lintian --pedantic`:
  ```
  P: libntlm source: very-long-line-length-in-source-file configure line 11350 is 704 characters long (>512)
  P: libntlm source: very-long-line-length-in-source-file m4/libtool.m4 line 6621 is 738 characters long (>512)
  ```
  * Lintian overrides are not present
  * This package has no python2 or GTK2 dependencies
  * Packaging and build is easy

  [UI standards]
  * Application is not end-user facing (does not need translation)

  [Dependencies]
  * No further depends or recommends dependencies that are not yet in main

  [Standards compliance]
  * This package correctly follows FHS and Debian Policy

  [Maintenance/Owner]
  * Owning Team will be foundations
  * Team is not yet, but will subscribe to the package before promotion
  * This does not use static builds
  * This does not use vendored code
  * The package successfully built during the most recent test rebuild

  [Background information]
  * The Package description explains the package well
  * Upstream name is libntlm
  * Link to upstream project https://www.nongnu.org/libntlm/

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libntlm/+bug/1976405/+subscriptions

More information about the foundations-bugs mailing list