User:Sam/Security/Bundled libs

From Gentoo Wiki
Jump to: navigation, search

This is a list of known bundled libs, for us to periodically check on and track for security bugs.

We want to know about bundled libraries even if a separate version is not packaged in Gentoo because the lack of an independent package doesn't negate a possible vulnerability.

(lib)foo isn't in this list!

  • 1. File a bug for this issue.
  • 2. Make it block the bug #bundled-libs tracker on Bugzilla.
  • 3. CC security@ if it's a package with a poor security record.
  • 4. Add it to this list, or add a message to the talk (discussion) page letting us know about it.

Table

Bundled library Bundled in Bugs/References
mujs mupdf