Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2009-2260

Source

Debian Bug report logs - #632260
stardict: Impossible to turn off the network dictionarry

Package: stardict; Maintainer for stardict is Andrew Lee (李健秋) <ajqlee@debian.org>; Source for stardict is src:stardict (PTS, buildd, popcon).

Reported by: phcoder <phcoder@gmail.com>

Date: Thu, 30 Jun 2011 23:42:01 UTC

Severity: normal

Tags: unreproducible, upstream

Fixed in version 3.0.1-5

Done: Aron Xu <happyaron.xu@gmail.com>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, phcoder@gmail.com, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Andrew Lee (李健秋) <ajqlee@debian.org>:
Bug#632260; Package stardict. (Thu, 30 Jun 2011 23:42:04 GMT) (full text, mbox, link).

Acknowledgement sent to phcoder <phcoder@gmail.com>:
New Bug report received and forwarded. Copy sent to phcoder@gmail.com, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Andrew Lee (李健秋) <ajqlee@debian.org>. (Thu, 30 Jun 2011 23:42:04 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

Package: stardict
Version: 3.0.1-7
Severity: grave
Tags: upstream security
Justification: user security hole

Any attempts to uncheck the box "Enable network dictionaries" is effective only 
until statrdict is closed and network dictionary is activated again after restart (the checkbox remains unchecked). Sometime it doesn't even work that far. I don't want all my searches to be sent to some server in China or elsewhere in the world.

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.39-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages stardict depends on:
ii  stardict-gtk                  3.0.1-7+b1 International dictionary written i

stardict recommends no packages.

stardict suggests no packages.

-- no debconf information

Information forwarded to debian-bugs-dist@lists.debian.org, Andrew Lee (李健秋) <ajqlee@debian.org>:
Bug#632260; Package stardict. (Mon, 11 Jul 2011 16:30:03 GMT) (full text, mbox, link).

Acknowledgement sent to Aron Xu <happyaron.xu@gmail.com>:
Extra info received and forwarded to list. Copy sent to Andrew Lee (李健秋) <ajqlee@debian.org>. (Mon, 11 Jul 2011 16:30:03 GMT) (full text, mbox, link).

Message #10 received at 632260@bugs.debian.org (full text, mbox, reply):

tags 632260 = upstream unreproducible
severity 632260 normal
thanks

I have tested with version 3.0.1-7 from stable, I can turn off network
dictionary, and it won't appear again on restart.

-- 
Regards,
Aron Xu

Added tag(s) unreproducible; removed tag(s) security. Request was from Aron Xu <happyaron.xu@gmail.com> to control@bugs.debian.org. (Mon, 11 Jul 2011 16:30:04 GMT) (full text, mbox, link).

Severity set to 'normal' from 'grave' Request was from Aron Xu <happyaron.xu@gmail.com> to control@bugs.debian.org. (Mon, 11 Jul 2011 16:30:05 GMT) (full text, mbox, link).

Reply sent to Aron Xu <happyaron.xu@gmail.com>:
You have taken responsibility. (Mon, 11 Jul 2011 16:36:04 GMT) (full text, mbox, link).

Notification sent to phcoder <phcoder@gmail.com>:
Bug acknowledged by developer. (Mon, 11 Jul 2011 16:36:04 GMT) (full text, mbox, link).

Message #19 received at 632260-done@bugs.debian.org (full text, mbox, reply):

Version: 3.0.1-5

And yes I found network dictionary is disabled by default since 3.0.1-5:

> stardict (3.0.1-5) unstable; urgency=high
> 
>    * Applied 07_disable_netdict.dpatch: (Closes:#534731) CVE-2009-2260
>      - disable netdict by default
>      - giving warning message
>    * Added --disable-dictdotcn option for CVE-2009-2260
>    * Update 05_g++-4.4.dpatch (Closes:#526162)
>    * debian/control:
>      - Added proper ${misc:Depends}
>      - Replaced build-depends scrollkeeper with rarian-compat
>      - Bumped Standard-version to 3.8.2
>    * debian/rules:
>      - Drop deprecated dh_scrollkeeper
> 
>  -- Andrew Lee <andrew@linux.org.tw>  Sun, 12 Jul 2009 21:17:43 +0800 


-- 
Regards,
Aron Xu

Bug No longer marked as found in versions stardict/3.0.1-7. Request was from Jonathan Wiltshire <jmw@debian.org> to control@bugs.debian.org. (Sat, 06 Aug 2011 20:21:03 GMT) (full text, mbox, link).

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 04 Sep 2011 07:36:40 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:51:16 2019; Machine Name: beach

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

stardict: Impossible to turn off the network dictionarry

Debian Bug report logs - #632260
stardict: Impossible to turn off the network dictionarry

Vulmon Search

About

Products

Connect

stardict: Impossible to turn off the network dictionarry

Debian Bug report logs - #632260 stardict: Impossible to turn off the network dictionarry

Vulmon Search

About

Products

Connect

Debian Bug report logs - #632260
stardict: Impossible to turn off the network dictionarry