Apparently CVE's search doesn't match word substrings; I adjusted the description accordingly, there *were* two CVEs in the past. Sorry for the initially incorrect information.
** Description changed: Availability: builds on all architectures Rationale: - Used by systemd's remote journal support; we'd like to enable this as it provides nice and secure (over SSL) logging for devices without much space, or writable root etc. Users are asking for it (bug 1480952) and it's also a nice feature for snappy. - Enablement done in Debian: http://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?id=52758fa - Security: no issues in the past (http://cve.mitre.org/cgi- - bin/cvekey.cgi?keyword=microhttp) + Security: two issues in the past (http://cve.mitre.org/cgi- + bin/cvekey.cgi?keyword=libmicrohttpd) through "standard" buffer + overflows. usage of it in systemd would mitigate this as the unit is + strongly confined. QA/maintenance: - Just a library, no user interface; no debconf, - No serious, and very few bug reports in Debian/Ubuntu - Standard dh7/dh_install packaging, no oddities - Adequate package maintenance in Debian, no Ubuntu delta planned - Adequate upstream maintenance: Search for "microhttp" on https://gnunet.org/bugs/view_all_bug_page.php → bugs get fixed and responded to - Package has watch file - /!\ Package has some automatic tests, and some example C programs for manual testing; not enabled during package build Dependencies: all build/binary deps already in main Note that at least for now we don't necessarily need to put the new systemd-journal-remote binary package into main; but we need the -dev as a build dependency, thus libmicrohttpd-dev needs to be in main for this. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1488341 Title: MIR: libmicrohttpd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libmicrohttpd/+bug/1488341/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs