Package: goxel Version: 0.10.6-1 Severity: serious Tags: security X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>
Package: goxel Version: 0.10.6-3 Depends: libasan6 (>= 10), ...,libubsan1 (>= 8) This is a bad idea not only due to slow execution and a factor 20 in binary size, but might even introduce vulnerabilities: https://www.openwall.com/lists/oss-security/2016/02/17/9 This was likely unintentional due to debug=0 no longer working, which resulted in a debug build without compiler optimization and with sanitizers enabled after https://github.com/guillaumechereau/goxel/commit/44745ead64b63083ccb48e8c7988d080674d795d Replacing debug=0 with mode=release in debian/rules makes not using the debug mode working again. It needs an additional werror=0 due to gcc finding more issues during compilation when optimization is enabled. As a side effect, fixing this bug should make the package build on all architectures again (several architectures no longer built due to the sanitizers being unavailable or broken).