Bug#943833: [src:x11vnc] Drop bundled libvncserver/libvncclient
Control: close -1 Control: fixed -1 0.9.16-1 Am Sonntag, 3. November 2019 schrieb Antoni Villalonga: > On Wed, Oct 30, 2019 at 02:59:32PM +, Mike Gabriel wrote: > > Package: src:x11vnc > > Version: 0.9.13-6 > > Severity: wishlist > > > > While this is not a functionality improvement, it helps with security > > audits. Please consider removing the libvncclient/ and libvncserver/ folders > > from the x11vnc orig tarball. Thanks! > > Hi Mike, > > I've uploaded x11vnc 0.9.16-1 to experimental. > Can we consider this bug fixed on that version? > > Thanks for your time! Yes, perfect. Mike -- Gesendet von meinem Fairphone2 (powered by Sailfish OS).
Bug#943833: [src:x11vnc] Drop bundled libvncserver/libvncclient
On Wed, Oct 30, 2019 at 02:59:32PM +, Mike Gabriel wrote: > Package: src:x11vnc > Version: 0.9.13-6 > Severity: wishlist > > While this is not a functionality improvement, it helps with security > audits. Please consider removing the libvncclient/ and libvncserver/ folders > from the x11vnc orig tarball. Thanks! Hi Mike, I've uploaded x11vnc 0.9.16-1 to experimental. Can we consider this bug fixed on that version? Thanks for your time! -- Antoni Villalonga http://friki.cat/
Bug#943833: [src:x11vnc] Drop bundled libvncserver/libvncclient
Package: src:x11vnc Version: 0.9.13-6 Severity: wishlist Dear maintainer(s) of x11vnc, I am currently working on a security audit of all VNC related packages in Debian and identified packages that partially or completely bundle libvncserver and/or libvncclient. Esp. with VNC code, people have copy+pasted code fragments into various projects and now ship custom-patched and non-security-patched versions of those code files. For x11vnc, I discovered that the libvncserver and libvncclient shared libraries are bundled in upstream's orig tarball, but not used at build time. If that is the case, could you please drop those two folders from x11vnc with one of the next uploads? While this is not a functionality improvement, it helps with security audits. Please consider removing the libvncclient/ and libvncserver/ folders from the x11vnc orig tarball. Thanks! light+love Mike Gabriel -- DAS-NETZWERKTEAM c\o Technik- und Ökologiezentrum Eckernförde Mike Gabriel, Marienthaler str. 17, 24340 Eckernförde mobile: +49 (1520) 1976 148 landline: +49 (4351) 850 8940 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de pgp7z0aeAB5kY.pgp Description: Digitale PGP-Signatur
