Bug#842093: embedded copies of libupnp

James Cowgill jcowgill at debian.org
Fri Dec 9 10:16:25 UTC 2016


Hi,

On 09/12/16 09:27, Uwe Kleine-König wrote:
> Hello,
> 
> there are two source packages (in sid, found via codesearch.d.n) that
> include embedded copies of libupnp: djmount and mediatomb (maintainers
> on Cc:).
> 
> djmount build-depends on libupnp-dev and calls configure with
> --with-external-libupnp, so fixing libupnp should be good enough here.
> 
> mediatomb doesn't build-depend on libupnp-dev and looking at
> https://buildd.debian.org/status/fetch.php?pkg=mediatomb&arch=armhf&ver=0.12.1-47-g7ab7616-1%2Bb4&stamp=1460993907
> it seems that the embedded copy is used, so mediatomb needs additional
> handling to fix the bug. Also the copy is vulnerable.

The Fedora maintainer asked upstream about it a while back:
https://sourceforge.net/p/mediatomb/bugs/114/

I have not checked how extensive the patching is, but I expect
unbundling libupnp from mediatomb would be a lot of work which noone
has volunteered to do.

Upstream appears to be dead which is why they haven't fixed it.

Thanks,
James

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-multimedia-maintainers/attachments/20161209/1b056d40/attachment.sig>


More information about the pkg-multimedia-maintainers mailing list