[Secure-testing-team] About uim security bug (CAN-2005-0503)
Ming Hua
minghua at rice.edu
Fri Feb 25 17:49:53 UTC 2005
Hi everyone,
Today I noticed in Mandrake security update that UIM has a security bug
(CAN-2005-0503), and a bug is already filed in Debian BTS (#296632).
However after reading the detail about this bug
(http://lists.freedesktop.org/pipermail/uim/2005-February/000996.html),
I believe this bug won't affect Debian (at least not likely before sarge
is released).
The reason is that this bug only affects ``Qt immodule'', and this is a
Qt 4 feature. The official Qt 3 doesn't have such a feature, but there
is a patch for Qt 3 avaiable, and I believe Mandrake has this patch
included. However, from what I hear, the Qt 3 in Debian doesn't have
this patch (there is a wishlist bug filed, but I can't find it at the
moment).
So it's my understanding that Debian is not affected. There are more
informed people on pkg-ime-devel at l.a.d.o, so they will correct me if I
am wrong.
[I am not subscribed to secure-testing-team at l.a.d.o, please cc: me or
pkg-ime-devel at l.a.d.o, thanks.]
Thanks,
Ming
2005.02.25
More information about the Secure-testing-team
mailing list