ibus: CVE-2013-4509

Related Vulnerabilities: CVE-2013-4509  

Debian Bug report logs - #729065
ibus: CVE-2013-4509

Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Fri, 8 Nov 2013 13:51:02 UTC

Severity: important

Tags: security

Fixed in version ibus/1.5.5-1

Done: Osamu Aoki <osamu@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, IME Packaging Team <pkg-ime-devel@lists.alioth.debian.org>:
Bug#729065; Package ibus. (Fri, 08 Nov 2013 13:51:07 GMT)


Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, IME Packaging Team <pkg-ime-devel@lists.alioth.debian.org>. (Fri, 08 Nov 2013 13:51:07 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: ibus: CVE-2013-4509
Date: Fri, 08 Nov 2013 14:41:25 +0100
Package: ibus
Severity: important
Tags: security

Hi,
this has been assigned CVE-2013-4509
https://groups.google.com/forum/#!topic/ibus-user/mvCHDO1BJUw

Some additional information can be found in the Novell bugzilla:
https://bugzilla.novell.com/show_bug.cgi?id=847718

It is my understanding that this needs to be fixed in various
Ibus engines. Please test the affected engines and clone/reassign 
this bug to the affected source packages.

Cheers,
        Moritz



Information forwarded to debian-bugs-dist@lists.debian.org, IME Packaging Team <pkg-ime-devel@lists.alioth.debian.org>:
Bug#729065; Package ibus. (Sun, 17 Nov 2013 08:39:04 GMT)


Acknowledgement sent to Osamu Aoki <osamu@debian.org>:
Extra info received and forwarded to list. Copy sent to IME Packaging Team <pkg-ime-devel@lists.alioth.debian.org>. (Sun, 17 Nov 2013 08:39:04 GMT)


Message #10 received at 729065@bugs.debian.org:

From: Osamu Aoki <osamu@debian.org>
To: Moritz Muehlenhoff <jmm@inutil.org>, 729065@bugs.debian.org
Subject: Re: Bug#729065: ibus: CVE-2013-4509
Date: Sun, 17 Nov 2013 17:35:31 +0900
Hi,

On Fri, Nov 08, 2013 at 02:41:25PM +0100, Moritz Muehlenhoff wrote:
> Hi,
> this has been assigned CVE-2013-4509
> https://groups.google.com/forum/#!topic/ibus-user/mvCHDO1BJUw
> 
> Some additional information can be found in the Novell bugzilla:
> https://bugzilla.novell.com/show_bug.cgi?id=847718

- ibus-mozc (fixed in 1.12.1599.102) in unstable now
- ibus-anthy (fixed in 1.5.4) in unstable now (I uploaded)
- ibus-pinyin  -- old so probably not yet fixed
- ibus-chewing -- old so probably not yet fixed
 ...

> It is my understanding that this needs to be fixed in various
> Ibus engines. Please test the affected engines and clone/reassign 
> this bug to the affected source packages.

Testing Chinese input methods is difficult for me :-)  Aron is busy with
fcitx.  (I do not know how they work due to my lack of Chinese skill).
At this moment, we have not enough people for IM, so we are slow.

As I see on the Novell site, it also mentions another bug for ibus:
https://bugzilla.redhat.com/show_bug.cgi?id=1013948

I will probably port Fedora fixes once they are available.

By the way, I can get Fedora source as easily as Ubuntu but openSUSE
source ... I do not know where to begin.

  http://arm.koji.fedoraproject.org/koji/search (Fedora source info site)
  https://wiki.debian.org/Repackage_srcrpm      (Method I use)
  https://launchpad.net/                        (Ubuntu info site.)

Does anyone know where the latest SUSE source RPMs are?

Regards,

Osamu




Information forwarded to debian-bugs-dist@lists.debian.org, IME Packaging Team <pkg-ime-devel@lists.alioth.debian.org>:
Bug#729065; Package ibus. (Wed, 27 Nov 2013 16:21:08 GMT)


Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to IME Packaging Team <pkg-ime-devel@lists.alioth.debian.org>. (Wed, 27 Nov 2013 16:21:08 GMT)


Message #15 received at 729065@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Osamu Aoki <osamu@debian.org>
Cc: 729065@bugs.debian.org
Subject: Re: Bug#729065: ibus: CVE-2013-4509
Date: Wed, 27 Nov 2013 17:11:32 +0100
On Sun, Nov 17, 2013 at 05:35:31PM +0900, Osamu Aoki wrote:
> > It is my understanding that this needs to be fixed in various
> > Ibus engines. Please test the affected engines and clone/reassign 
> > this bug to the affected source packages.
> 
> Testing Chinese input methods is difficult for me :-)  Aron is busy with
> fcitx.  (I do not know how they work due to my lack of Chinese skill).
> At this moment, we have not enough people for IM, so we are slow.

Please clone the bugs, so that it doesn't get lost.
 
> By the way, I can get Fedora source as easily as Ubuntu but openSUSE
> source ... I do not know where to begin.
> 
>   http://arm.koji.fedoraproject.org/koji/search (Fedora source info site)
>   https://wiki.debian.org/Repackage_srcrpm      (Method I use)
>   https://launchpad.net/                        (Ubuntu info site.)
> 
> Does anyone know where the latest SUSE source RPMs are?

See here:
http://oss-security.openwall.org/wiki/distro-patches#opensuse-and-suse-linux

Cheers,
        Moritz



Bug 729065 cloned as bug 730781. Request was from ChangZhuo Chen (陳昌倬) <czchen@gmail.com> to control@bugs.debian.org. (Fri, 29 Nov 2013 14:39:18 GMT)


Reply sent to Osamu Aoki <osamu@debian.org>:
You have taken responsibility. (Sun, 26 Jan 2014 09:21:11 GMT)


Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Sun, 26 Jan 2014 09:21:11 GMT)


Message #22 received at 729065-close@bugs.debian.org:

From: Osamu Aoki <osamu@debian.org>
To: 729065-close@bugs.debian.org
Subject: Bug#729065: fixed in ibus 1.5.5-1
Date: Sun, 26 Jan 2014 09:19:40 +0000
Source: ibus
Source-Version: 1.5.5-1

We believe that the bug you reported is fixed in the latest version of
ibus, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 729065@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Osamu Aoki <osamu@debian.org> (supplier of updated ibus package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 26 Jan 2014 16:28:28 +0900
Source: ibus
Binary: ibus libibus-1.0-5 libibus-1.0-dev ibus-gtk ibus-gtk3 python-ibus ibus-doc gir1.2-ibus-1.0
Architecture: source amd64 all
Version: 1.5.5-1
Distribution: unstable
Urgency: medium
Maintainer: IME Packaging Team <pkg-ime-devel@lists.alioth.debian.org>
Changed-By: Osamu Aoki <osamu@debian.org>
Description: 
 gir1.2-ibus-1.0 - Intelligent Input Bus - introspection data
 ibus       - Intelligent Input Bus - core
 ibus-doc   - Intelligent Input Bus - development documentation
 ibus-gtk   - Intelligent Input Bus - GTK+2 support
 ibus-gtk3  - Intelligent Input Bus - GTK+3 support
 libibus-1.0-5 - Intelligent Input Bus - shared library
 libibus-1.0-dev - Intelligent Input Bus - development file
 python-ibus - Intelligent Input Bus - Python support
Closes: 729065 729472 732434
Changes: 
 ibus (1.5.5-1) unstable; urgency=medium
 .
   * New upstream release.
     - CVE-2013-4509 (also with FC19 patch).  Closes: #729065
     - Update ibus-setup message. Closes: #729472
   * Sync with ibus-1.5.5-1.fc19.src.rpm
   * Update debian/rules using DEB_*_MAINT_APPEND (compat=9).
   * Update README.Debian. Closes: #732434
   * Update Standards-Version: 3.9.5

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlLkvTQACgkQ6A/EwagGHzJdUACaAsU8w58zp+dnQzJX0Thd/Sjr
NDYAniEFDE65U81RYS/jpNIpTCr87yUQ
=0P08
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 01 Mar 2014 07:36:38 GMT)

