[Bug 1598308] [NEW] Remove sql-ledger from devel/yakkety
Launchpad Bug Tracker
1598308 at bugs.launchpad.net
Fri Jul 8 20:23:20 UTC 2016
You have been subscribed to a public bug by Hans Joachim Desserud (hjd):
Please remove sql-ledger source and binary packages from devel/yakkety
Rationale:
This should be removed from the Ubuntu archive because neither Ubuntu nor Debian are actively maintaining this package. It is not tracking upstream - latest upstream version is 3.2.1 and latest Debian and Ubuntu package releases are 3.0.8. 3.2.0 was released six months ago.
It has open CVEs dating back to 2007 which "allows remote attackers to
read and overwrite arbitrary files, and execute arbitrary code".
The packaging note explicitly states that it is not receiving security
updates ("This package does not benefit from serious security support")
but the package deals with accounting and money which require a high
degree of security and trust.
$ reverse-depends sql-ledger
No reverse dependencies found
** Affects: sql-ledger (Ubuntu)
Importance: Undecided
Status: New
--
Remove sql-ledger from devel/yakkety
https://bugs.launchpad.net/bugs/1598308
You received this bug notification because you are a member of Ubuntu Package Archive Administrators, which is subscribed to the bug report.
More information about the ubuntu-archive
mailing list