[Touch-packages] [Bug 1753450] Re: [MIR] mpg123

Tue, 06 Mar 2018 03:12:13 -0800 

+1 to go ahead. The Security Team will not do a code review at this
time.

** Changed in: mpg123 (Ubuntu)
     Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to mpg123 in Ubuntu.
https://bugs.launchpad.net/bugs/1753450

Title:
  [MIR] mpg123

Status in mpg123 package in Ubuntu:
  Incomplete

Bug description:
  Availability
  ============
  Built for all supported architectures. In sync with Debian.

  Rationale
  =========
  For the 1.14 series, GStreamer upstream moved MP3 encoding and decoding into 
gst-plugins-good. These are installed by default, and so now we can have MP3 
support in the default install. The desktop team would like this feature.

  For that, it uses some libraries and we'll need to put them in main.

  Security
  ========
  There are some CVEs in the history of the project.

  https://security-tracker.debian.org/tracker/source-package/mpg123
  https://people.canonical.com/~ubuntu-security/cve/pkg/mpg123.html

  The Ubuntu CVE page lists a 'needed' one which AFAICS is fixed in
  1.25.8-1.

  Quality assurance
  =================
  Desktop team is subscribed.

  Bugs
  ----

  https://bugs.launchpad.net/ubuntu/+source/mpg123
  https://bugs.debian.org/cgi-bin/pkgreport.cgi?repeatmerged=yes&src=mpg123

  Dependencies
  ============
  We need libmpg123-0 in main, and this depends on libc6 only.

  Standards compliance
  ====================
  4.1.2. debian/rules is slightly complicated because it generates some wrapper 
scripts for some old binary names. Those binaries don't go in a package that we 
need in main.

  Maintenance
  ===========
  Desktop team will maintain. In Debian this is maintained by the multimedia 
team, which is active. We don't envisage the package diverging from Debian.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mpg123/+bug/1753450/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to