control: tags -1 help
Removing it is not a simple operation, I'll add it to the security tracker for
now.
G.
Il lunedì 14 gennaio 2019, 20:06:17 CET, Helmut Grohne <[email protected]>
ha scritto:
Package: kbuild
Version: 1:0.1.9998svn3293+dfsg-2
Severity: important
Tags: security
kbuild contains an embedded copy of GNU make. It is shipped as
kmk_gmake. Please consider removing the embedded copy. Presently, it
uses GNU make 4.2.1, which is the same version as make-dfsg, so this
might be a convenience copy.
Failing that, please register your copy writh the security tracker.
Refer to https://wiki.debian.org/EmbeddedCodeCopies for instructions on
how to do that. Given that make has previously received CVEs, getting
rid of the copy is strongly preferred.
Helmut
