I reviewed libxml++2.6 2.40.1-3 as checked into eoan. This shouldn't be
considered a full audit but rather a quick gauge of maintainability.
While libxml++2.6 is currently in universe, it used to main in Ubuntu
14.04 and 12.04.
libxml++2.6 is a C++ wrapper for the libxml2 XML parser library.
- No CVEs found in its history.
- It Build-Depends as you'd imagine on libxml-dev and gobject/glibmm stuff
- It has no pre/post inst scripts
- It has no init scripts
- It has no systemd units
- It provides no dbus services
- It does not include any executable binaries, setuid/setgid or
otherwise.
- It does not provide any sudo fragments
- It does not add any udev rules
- There are some small small amount of units tests that are run at
build time.
- There are no autopkgtests
- It does not include any cron jobs
- The build itself included bunch of deprecated function usage warnings
- Packaging is lintian clean
- No processes spawned
Code is C++, that looks relatively clean, though I did not dig into it
deeply, given that we had previously supported the package. Coverity
discovered a couple of resource leaks, and some uncaught exceptions,
but was mostly clean.
Security team ACK for promoting libxml++2.6 to main.
** Changed in: libxml++2.6 (Ubuntu)
Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1843229
Title:
[MIR] libxml++2.6
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libxml++2.6/+bug/1843229/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
