Ubuntu
libe-book package

[MIR] multiple LibreOffice dependencies in universe

Bug #1410966 reported by Björn Michaelsen
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
libabw (Ubuntu)
Fix Released
Undecided
Björn Michaelsen
libe-book (Ubuntu)
Fix Released
Undecided
Björn Michaelsen
libeot (Ubuntu)
Fix Released
Undecided
Björn Michaelsen

Bug Description

[Availability]
All packages are in universe and build from main.

[Rationale]
All packages are hard dependencies of LibreOffice and have been in shipped as an internal copy of LibreOffice in main at least since Ubuntu vivid.

[Security]
Shipping these packages as external package allows e.g. easier security updates vs. shipping them internally with LibreOffice.

http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=libabw
http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=libe-book
http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=libeot
all 0 results

http://secunia.com/advisories/search/?search=libabw
http://secunia.com/advisories/search/?search=libe-book
http://secunia.com/advisories/search/?search=libeot
all 0 results

http://people.canonical.com/~ubuntu-security/cve/universe.html
all 0 results

No executables, only libs. No services, no networking.

[Quality assurance]
The packages will be used from LibreOffice and are already shipped as an internal copy in previous uploads.

[UI standards]
Doesnt apply -- these libs have no UI on their own.

[Dependencies]
All build dependencies are satisfyable in main.

[Standards compliance]
Packaging is reasonably trivial.

[Maintenance]
Actively maintained at Debian.

Background information:
All of lib-ebook, libabw, libeot are in vivid/universe, need MIR, were shipped with LibreOffice in utopic/main.

See original description
Revision history for this message
Björn Michaelsen (bjoern-michaelsen) wrote :

see also bug 1410883.

Changed in libe-book (Ubuntu):
status: New → Incomplete
assignee: nobody → Björn Michaelsen (bjoern-michaelsen)
Changed in libeot (Ubuntu):
status: New → Incomplete
assignee: nobody → Björn Michaelsen (bjoern-michaelsen)
Changed in libabw (Ubuntu):
status: New → Incomplete
assignee: nobody → Björn Michaelsen (bjoern-michaelsen)
Revision history for this message
Björn Michaelsen (bjoern-michaelsen) wrote :

libabw, libe-book and libeot all build clean from vivid/main -- no additional deps needed.

Björn Michaelsen (bjoern-michaelsen)
description: updated
Björn Michaelsen (bjoern-michaelsen)
description: updated
description: updated
description: updated
Björn Michaelsen (bjoern-michaelsen)
Changed in libabw (Ubuntu):
status: Incomplete → New
Changed in libe-book (Ubuntu):
status: Incomplete → New
Changed in libeot (Ubuntu):
status: Incomplete → New
Revision history for this message
Michael Terry (mterry) wrote :

libe-book looks good. In sync with Debian, runs tests, no bugs, good packaging.

I'd love to see a symbols file, but that's not a blocker.

Changed in libe-book (Ubuntu):
status: New → Fix Committed
Revision history for this message
Michael Terry (mterry) wrote :

libeot is also fine. No tests, though which is a bummer. Especially since it's a file parser library. I'd normally ask for a security audit too, but since this is code that's already in main, we'll skip it.

I'd also like to a symbols file for it, but still not a blocker.

Changed in libeot (Ubuntu):
status: New → Fix Committed
Revision history for this message
Michael Terry (mterry) wrote :

Same story for libabw. Both it and libe-book have unused -tools.install files that have the same contents. Not an issue because they aren't actually packages. But seems like an odd copy/paste error.

Another file parser without tests. Skipping security audit too. No symbols file. Humph.

Changed in libabw (Ubuntu):
status: New → Fix Committed
Sebastien Bacher (seb128)
Changed in libabw (Ubuntu):
status: Fix Committed → Fix Released
Changed in libe-book (Ubuntu):
status: Fix Committed → Fix Released
Changed in libeot (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.