Source: zziplib
Severity: grave
Tags: security

Hi,
multiple security issues have been found in zziplib by Agostino Sarubbo of Gentoo:
http://www.openwall.com/lists/oss-security/2017/02/09/10
http://www.openwall.com/lists/oss-security/2017/02/09/11
http://www.openwall.com/lists/oss-security/2017/02/09/12
http://www.openwall.com/lists/oss-security/2017/02/09/13
http://www.openwall.com/lists/oss-security/2017/02/09/14
http://www.openwall.com/lists/oss-security/2017/02/09/15
http://www.openwall.com/lists/oss-security/2017/02/09/16
http://www.openwall.com/lists/oss-security/2017/02/09/17
http://www.openwall.com/lists/oss-security/2017/02/09/18
http://www.openwall.com/lists/oss-security/2017/02/09/19
http://www.openwall.com/lists/oss-security/2017/02/09/20

He points out that upstream seems dead:
http://www.openwall.com/lists/oss-security/2017/02/09/21

Aside from that, there are also older, unacknowledged bugs from the Mayhem project in the BTS.

So unless you want to pick up upstream maintenance yourself, we should rather remove zziplib from stretch.

Cheers,
Moritz