thr3ads.net - Secure testing team - [Secure-testing-team] About uim security bug (CAN-2005-0503) [Mar 2006]

If this information is useful, please help other people find it:
Share via:

Ming Hua

2006-Mar-13 12:28 UTC

[Secure-testing-team] About uim security bug (CAN-2005-0503)

Hi everyone,

Today I noticed in Mandrake security update that UIM has a security bug
(CAN-2005-0503), and a bug is already filed in Debian BTS (#296632).

However after reading the detail about this bug
(http://lists.freedesktop.org/pipermail/uim/2005-February/000996.html),
I believe this bug won''t affect Debian (at least not likely before
sarge
is released).

The reason is that this bug only affects ``Qt immodule'''', and
this is a
Qt 4 feature.  The official Qt 3 doesn''t have such a feature, but there
is a patch for Qt 3 avaiable, and I believe Mandrake has this patch
included.  However, from what I hear, the Qt 3 in Debian doesn''t have
this patch (there is a wishlist bug filed, but I can''t find it at the
moment).

So it''s my understanding that Debian is not affected.  There are more
informed people on pkg-ime-devel@l.a.d.o, so they will correct me if I
am wrong.

[I am not subscribed to secure-testing-team@l.a.d.o, please cc: me or
pkg-ime-devel@l.a.d.o, thanks.]

Thanks,
Ming
2005.02.25

Secure testing team - Mar 2006 - About uim security bug (CAN-2005-0503)

[Secure-testing-team] About uim security bug (CAN-2005-0503)