[Pkg-ime-devel] Bug#730781: ibus-chewing: CVE-2013-4509
Osamu Aoki
osamu at debian.org
Sun Dec 1 12:54:24 UTC 2013
Hi,
Considering CVE..., I uploaded after the good build.
I noticed 2 things in this process:
Lintian under the unstable chroot (cowbuilder used via "gbp buildpackage"):
I: ibus-chewing: hardening-no-fortify-functions usr/lib/ibus/ibus-engine-chewing
N:
N: This package provides an ELF binary that lacks the use of fortified libc
N: functions. Either there are no potentially unfortified functions called
N: by any routines, all unfortified calls have already been fully validated
N: at compile-time, or the package was not built with the default Debian
N: compiler flags defined by dpkg-buildflags. If built using
N: dpkg-buildflags directly, be sure to import CPPFLAGS.
N:
N: NB: Due to false-positives, Lintian ignores some unprotected functions
N: (e.g. memcpy).
N:
N: Refer to http://wiki.debian.org/Hardening and
N: http://bugs.debian.org/673112 for details.
N:
N: Severity: normal, Certainty: wild-guess
N:
N: Check: binaries, Type: binary, udeb
N:
While installing package under GNOME3:
$ sudo debi ibus-chewing_1.4.3-4_amd64.changes
(Reading database ... 368329 files and directories currently installed.)
Preparing to replace ibus-chewing 1.4.3-3 (using ibus-chewing_1.4.3-4_amd64.deb) ...
Unpacking replacement ibus-chewing ...
Setting up ibus-chewing (1.4.3-4) ...
Processing triggers for gconf2 ...
(gconftool-2:32540): GConf-WARNING **: Client failed to connect to the D-BUS daemon:
Unable to autolaunch a dbus-daemon without a $DISPLAY for X11
I see this once in a while ... worrying.
Osamu
More information about the Pkg-ime-devel
mailing list