[Pkg-ime-devel] Bug#730781: ibus-chewing: CVE-2013-4509

Osamu Aoki osamu at debian.org
Sun Dec 1 12:54:24 UTC 2013


Considering CVE..., I uploaded after the good build.

I noticed 2 things in this process:

Lintian under the unstable chroot (cowbuilder used via "gbp buildpackage"):

I: ibus-chewing: hardening-no-fortify-functions usr/lib/ibus/ibus-engine-chewing
N:    This package provides an ELF binary that lacks the use of fortified libc
N:    functions. Either there are no potentially unfortified functions called
N:    by any routines, all unfortified calls have already been fully validated
N:    at compile-time, or the package was not built with the default Debian
N:    compiler flags defined by dpkg-buildflags. If built using
N:    dpkg-buildflags directly, be sure to import CPPFLAGS.
N:    NB: Due to false-positives, Lintian ignores some unprotected functions
N:    (e.g. memcpy).
N:    Refer to http://wiki.debian.org/Hardening and
N:    http://bugs.debian.org/673112 for details.
N:    Severity: normal, Certainty: wild-guess
N:    Check: binaries, Type: binary, udeb

While installing the package under GNOME3:

$ sudo debi ibus-chewing_1.4.3-4_amd64.changes 
(Reading database ... 368329 files and directories currently installed.)
Preparing to replace ibus-chewing 1.4.3-3 (using ibus-chewing_1.4.3-4_amd64.deb) ...
Unpacking replacement ibus-chewing ...
Setting up ibus-chewing (1.4.3-4) ...
Processing triggers for gconf2 ...

(gconftool-2:32540): GConf-WARNING **: Client failed to connect to the D-BUS daemon:
Unable to autolaunch a dbus-daemon without a $DISPLAY for X11

I see this once in a while ... worrying.

