This package has a long security history, and a currently left-open CVE
because the upload of 3.100 did not include closing the active CVE.

If there's a go-ahead from the Security Team (I'm not looking for a code
review, just an acknowledgement that they are aware of the requirement
for this package, and are fine with its current general state); then I
see no issues with this MIR.

** Changed in: lame (Ubuntu)
       Status: New => Incomplete

You received this bug notification because you are a member of Desktop
Packages, which is subscribed to lame in Ubuntu.

  [MIR] lame

Status in lame package in Ubuntu:

Bug description:
  Built for all supported architectures. In sync with Debian.

  For the 1.14 series, GStreamer upstream moved MP3 encoding and decoding into 
gst-plugins-good. These are installed by default, and so now we can have MP3 
support in the default install. The desktop team would like this feature.

  For that, it uses some libraries and we'll need to put them in main.

  There are some CVEs in the history of the project.

  The Ubuntu CVE page lists some 'needed' ones but from looking at those
  ones in Debian they are duplicates and should be fixed already.

  Quality assurance
  Desktop team is subscribed.


  I think they are reasonably calm given that this is a well known


  We need libmp3lame0 in main, and this depends on libc6 only.

  Standards compliance

  4.1.1 and dh minimal style rules.

  Desktop team will maintain. In Debian this is maintained by the multimedia 
team, which is active. We don't envisage the package diverging from Debian.

To manage notifications about this bug go to:

Mailing list:
Post to     :
Unsubscribe :
More help   :

Reply via email to