| 2022-05-10 15:11:53 |
Lukas Märdian |
bug |
|
|
added bug |
| 2022-05-10 15:12:02 |
Lukas Märdian |
bug |
|
|
added subscriber MIR approval team |
| 2022-05-10 15:12:28 |
Lukas Märdian |
description |
TDB by foundations |
TDB by foundations
Also, most probably needs transitive MIR for libntlm |
|
| 2022-05-10 15:12:46 |
Lukas Märdian |
tags |
kinetic |
fr-2362 kinetic |
|
| 2022-05-10 15:28:08 |
Lukas Märdian |
bug watch added |
|
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999672 |
|
| 2022-05-10 15:28:08 |
Lukas Märdian |
bug task added |
|
mutt (Debian) |
|
| 2022-05-10 15:49:44 |
Bug Watch Updater |
mutt (Debian): status |
Unknown |
Fix Released |
|
| 2022-05-31 18:35:39 |
William Wilson |
gsasl (Ubuntu): assignee |
|
William Wilson (jawn-smith) |
|
| 2022-05-31 20:10:50 |
William Wilson |
gsasl (Ubuntu): milestone |
|
ubuntu-22.10 |
|
| 2022-05-31 20:18:32 |
William Wilson |
description |
TDB by foundations
Also, most probably needs transitive MIR for libntlm |
[Summary]
* Everything seems in order with this package, but it should
be reviewed by the security team due to the nature of the package.
* Build log: https://launchpadlibrarian.net/564514219/buildlog_ubuntu-jammy-amd64.gsasl_1.10.0-5_BUILDING.txt.gz
[Availability]
* The package is already available in Ubuntu universe and builds for the required architectures
[Rationale]
* mutt (which is in main) used to depend on cyrus-sasl. Due to a
licensing conflict between mutt and cyrus-sasl, it has been updated
to use gsasl and drop the dependency on cyrus-sasl. This change
has been made in Debian. Mutt is used by a large part of our
user base, so continuing to provide it is important.
[Security]
* Package gsasl and associated libraries do not have any
security red-flags, but should still be reviewed by
the security team due to the nature of the package (it
authenticates users to servers)
* No CVEs/security issues in this software in the past
* No `suid` or `sgid` binaries
* No executables in `/sbin` and `/usr/sbin`
* Package does not install services, timers or recurring jobs
* Package does not open privileged ports (ports < 1024)
[Quality assurance - function/usage]
* The package works well right after install
[Quality assurance - maintenance]
* The package is maintained well in Debian/Ubuntu and has not too many
and long term critical bugs open
* The package does not deal with exotic hardware we cannot support
[Quality assurance - testing]
* The package runs a test suite on build time, if it fails
it makes the build fail
* The package runs an autopkgtest, and is currently passing
[Quality assurance - packaging]
* debian/watch is present and works
* debian/control defines a correct Maintainer field
* This package does not yield massive lintian Warnings, Errors
* Full output of `lintian --pedantic`:
```
P: gsasl source: update-debian-copyright 2014 vs 2021 [debian/copyright:44]
P: gsasl source: very-long-line-length-in-source-file configure line 13808 is 704 characters long (>512)
P: gsasl source: very-long-line-length-in-source-file examples/openid20/README line 92 is 807 characters long (>512)
P: gsasl source: very-long-line-length-in-source-file examples/saml20/README line 171 is 1396 characters long (>512)
P: gsasl source: very-long-line-length-in-source-file ... use --no-tag-display-limit to see all (or pipe to a file/program)
```
* Lintian overrides are present, but ok because upstream does
not provide source-only tarballs
* This package has no python2 or GTK2 dependencies
* Packaging and build is easy. d/rules is concise and readable
[UI standards]
* Application is end-user facing, Translation is present, via gettext
[Dependencies]
* libgsasl-dev depends on a package from src:libntlm. MIR for
libntlm is here: https://bugs.launchpad.net/ubuntu/+source/libntlm/+bug/1976405
[Standards compliance]
* This package correctly follows FHS and Debian Policy
[Maintenance/Owner]
* Owning Team will be foundations
* Team is not yet, but will subscribe to the package before promotion
* This does not use static builds
* This does not use vendored code
* The package successfully built during the most recent test rebuild
[Background information]
* The Package description explains the package well
* Upstream Name is GNU SASL
* Upstream Link is https://www.gnu.org/software/gsasl/ |
|
| 2022-05-31 21:25:24 |
William Wilson |
gsasl (Ubuntu): assignee |
William Wilson (jawn-smith) |
|
|
| 2022-05-31 21:25:28 |
William Wilson |
gsasl (Ubuntu): status |
Incomplete |
New |
|
| 2022-06-01 21:26:23 |
William Wilson |
tags |
fr-2362 kinetic |
fr-2362 kinetic update-excuse |
|
| 2022-06-02 15:31:24 |
William Wilson |
bug task added |
|
mutt (Ubuntu) |
|
| 2022-06-02 15:46:28 |
Christian Ehrhardt |
mutt (Ubuntu): assignee |
|
William Wilson (jawn-smith) |
|
| 2022-06-07 14:38:09 |
Christian Ehrhardt |
gsasl (Ubuntu): assignee |
|
Didier Roche (didrocks) |
|
| 2022-06-07 14:40:23 |
Andreas Hasenack |
bug |
|
|
added subscriber Andreas Hasenack |
| 2022-06-14 10:24:29 |
Didier Roche-Tolomelli |
gsasl (Ubuntu): assignee |
Didier Roche (didrocks) |
|
|
| 2022-06-14 10:24:39 |
Didier Roche-Tolomelli |
bug |
|
|
added subscriber Didier Roche |
| 2022-06-14 10:24:44 |
Didier Roche-Tolomelli |
gsasl (Ubuntu): status |
New |
Incomplete |
|
| 2022-06-16 19:43:43 |
William Wilson |
attachment added |
|
lp1972866.debdiff https://bugs.launchpad.net/ubuntu/+source/mutt/+bug/1972866/+attachment/5597805/+files/lp1972866.debdiff |
|
| 2022-06-17 12:14:45 |
Simon Josefsson |
bug watch added |
|
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012768 |
|
| 2022-06-20 15:08:53 |
Christian Ehrhardt |
gsasl (Ubuntu): assignee |
|
Ubuntu Security Team (ubuntu-security) |
|
| 2022-06-20 20:25:37 |
Seth Arnold |
tags |
fr-2362 kinetic update-excuse |
fr-2362 kinetic sec-1101 update-excuse |
|
| 2022-06-28 14:44:12 |
Christian Ehrhardt |
gsasl (Ubuntu): status |
Incomplete |
New |
|
| 2022-08-24 20:06:09 |
Mark Esler |
cve linked |
|
2022-2469 |
|
| 2022-08-24 20:11:48 |
Mark Esler |
gsasl (Ubuntu): assignee |
Ubuntu Security Team (ubuntu-security) |
|
|
| 2022-08-24 20:11:54 |
Mark Esler |
gsasl (Ubuntu): status |
New |
In Progress |
|
| 2022-08-24 20:12:02 |
Mark Esler |
bug |
|
|
added subscriber Mark Esler |
| 2022-08-25 15:37:02 |
Lukas Märdian |
gsasl (Ubuntu): status |
In Progress |
Fix Committed |
|
| 2022-08-30 15:45:06 |
Lukas Märdian |
gsasl (Ubuntu): status |
Fix Committed |
Fix Released |
|
| 2022-08-31 20:37:59 |
William Wilson |
mutt (Ubuntu): status |
New |
Fix Released |
|
