I reviewed libxml++2.6 2.40.1-3 as checked into eoan. This shouldn't be considered a full audit but rather a quick gauge of maintainability. While libxml++2.6 is currently in universe, it used to main in Ubuntu 14.04 and 12.04.
libxml++2.6 is a C++ wrapper for the libxml2 XML parser library. - No CVEs found in its history. - It Build-Depends as you'd imagine on libxml-dev and gobject/glibmm stuff - It has no pre/post inst scripts - It has no init scripts - It has no systemd units - It provides no dbus services - It does not include any executable binaries, setuid/setgid or otherwise. - It does not provide any sudo fragments - It does not add any udev rules - There are some small small amount of units tests that are run at build time. - There are no autopkgtests - It does not include any cron jobs - The build itself included bunch of deprecated function usage warnings - Packaging is lintian clean - No processes spawned Code is C++, that looks relatively clean, though I did not dig into it deeply, given that we had previously supported the package. Coverity discovered a couple of resource leaks, and some uncaught exceptions, but was mostly clean. Security team ACK for promoting libxml++2.6 to main. ** Changed in: libxml++2.6 (Ubuntu) Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1843229 Title: [MIR] libxml++2.6 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libxml++2.6/+bug/1843229/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs