Package: libslang2-dev
Version: 2.2.2-1
Severity: grave
Tags: security
Justification: renders package unusable

Hi,

While wondering why the .a was being used for a build of mine, I noticed
that there was indeed a .so for your package, but that the .so was a
broken symlink…
| cy...@talisker:~$ readlink -f /usr/lib/libslang.so && ls -l /lib/libslang.so* 
| /lib/libslang.so.2.2.1
| lrwxrwxrwx 1 root root      17 Dec  9 03:45 /lib/libslang.so.2 -> libslang.so.2.2.2
| -rw-r--r-- 1 root root 1069720 Dec  6 12:45 /lib/libslang.so.2.2.2

Setting severity to grave, a broken .so in a -dev package leads to a
near-to-useless package.

I guess it could be even worse and result in the .a getting embedded in
other packages, meaning that if slang2 has to receive security-related
fixes, packages statically built against it would still be vulnerable.

Tagging security accordingly, so that it gets some attention from
security folks. (Wild guess: checking packages BD'ing on it uploaded
since the .so symlink got broken should help get a list of candidates.)

Mraw,
KiBi.
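
Added example, not part of the original report: a check for the condition described above, a dangling lib*.so development symlink with a lib*.a beside it, which makes the linker fall back to the static archive without any error. The function names and the sample tree are constructed for illustration; pass real directories (such as /usr/lib) as arguments to scan a system.

```shell
#!/bin/sh
# Added example: list dangling lib*.so development symlinks and say whether
# a static archive of the same name would be linked in their place.

# find_static_fallbacks DIR...  -> one line per dangling symlink
find_static_fallbacks() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for link in "$dir"/lib*.so; do
            [ -L "$link" ] || continue   # unmatched glob or not a symlink
            [ -e "$link" ] && continue   # target exists: healthy
            archive="${link%.so}.a"
            if [ -f "$archive" ]; then
                note="static fallback: $archive"
            else
                note="no static archive"
            fi
            printf '%s -> %s (%s)\n' "$link" "$(readlink "$link")" "$note"
        done
    done
    return 0
}

# Constructed sample tree modelled on the report: the runtime library is
# 2.2.2, the -dev symlink still names 2.2.1. libok is a healthy control.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/lib" "$root/usr/lib"
    : > "$root/lib/libslang.so.2.2.2"
    ln -s libslang.so.2.2.2 "$root/lib/libslang.so.2"
    ln -s ../../lib/libslang.so.2.2.1 "$root/usr/lib/libslang.so"  # stale
    : > "$root/usr/lib/libslang.a"
    : > "$root/usr/lib/libok.so.1"
    ln -s libok.so.1 "$root/usr/lib/libok.so"
    : > "$root/usr/lib/libok.a"
    printf '%s\n' "$root"
}

if [ "$#" -gt 0 ]; then
    find_static_fallbacks "$@"
else
    sample=$(make_sample_tree)
    find_static_fallbacks "$sample/usr/lib"
    rm -rf "$sample"
fi
```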


