[Debian-med-packaging] Bug#1000000: fixed in phast 1.6+dfsg-2
Adrian Bunk
bunk at debian.org
Thu Nov 18 21:12:12 GMT 2021
On Thu, Nov 18, 2021 at 05:12:10PM +0100, Sebastiaan Couwenberg wrote:
>...
> For the Debian package you could drop use_debian_packaged_libpcre.patch and
> use the embedded copy to not block the pcre3 removal in Debian.

As a general comment, this would be a lot worse than keeping pcre3.

If any copy of this library should be used at all in bookworm,
it should be provided by src:pcre3.

Switching from src:pcre3 to an older vendored copy would likely create
additional security vulnerabilities for our users.[1] Even with only one
user in bookworm, shipping it security-supportable in src:pcre3 would be
better than hiding vulnerabilities through vendoring.

> Kind Regards,
>
> Bas
cu
Adrian
[1] https://security-tracker.debian.org/tracker/source-package/pcre3