It is suspected that this package is vulnerable to a security vulnerability in gnulib. As such we ask maintainers with packages suspected to be vulnerable to verify if the package is (or have been) affected. Please see the information contained in the tracker bug 714934: * CVE-2017-7476 - "Gnulib before 2017-04-26 has a heap-based buffer overflow with the TZ environment variable. The error is in the save_abbr function in time_rz.c." ** Patch: https://git.savannah.gnu.org/gitweb/?p=gnulib.git;a=commit;h=94e01571507835ff59dd8ce2a0b56a4b566965a4 * CVE-2018-17942 - "The convert_to_decimal function in vasnprintf.c in Gnulib before 2018-09-23 has a heap-based buffer overflow because memory is not allocated for a trailing '\0' character during %f processing." ** Patch: https://git.savannah.gnu.org/gitweb/?p=gnulib.git;a=commit;h=278b4175c9d7dd47c1a3071554aac02add3b3c35 Please check if possible whether any embedded gnulib has now, or in the past (for GLSA purposes/cleanup if still in tree) contained in this version.
Currently uses a fixed version of gnulib.
