
      ZZLI4422             linux.debian.devel             1179 messages      


  Msg # 1136 of 1179 on ZZLI4422, Tuesday 10-20-25, 10:26  
  From: AARON RAINBOLT  
  To: ATZLINUX@DEBIAN.ORG  
  Subj: Re: Security concerns with Stardict in D  
 From: arraybolt3@gmail.com 
  
 On Sun, 19 Oct 2025 22:28:14 +0800 
 xiao sheng wen wrote: 
  
 > Hi, 
 > 
 > On 2025/10/18 06:35, Aaron Rainbolt wrote: 
 > > On Fri, 17 Oct 2025 23:27:09 +0100 
 > > Simon McVittie  wrote: 
 > > 
 > >> On Fri, 17 Oct 2025 at 14:27:32 -0500, Aaron Rainbolt wrote: 
 > >>> The Debian Policy manual states in section 2.2.1: 
 > >>> 
 > >>>> In addition, the packages in main 
 > >>>> ... 
 > >>>> * must not be so buggy that we refuse to support them... 
 > >>> 
 > >>> I would argue Stardict is this buggy. 
 > >> 
 > >> If that's the case, the first place to report it would be a RC bug 
 > >> against the stardict package (and if the stardict maintainer 
 > >> downgrades the severity of RC bugs in a way that is contrary to 
 > >> project consensus, the group that can overrule them is the release 
 > >> team or the technical committee). 
 > > 
 > > This has already happened. See 
 > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110370, which was 
 > > filed with severity "critical" and tag "security", and which the 
 > > maintainer changed to severity "wishlist" and removed the "security" 
 > > tag from. The maintainer later upgraded the severity to "Important", 
 > > but still did not leave it release-critical, thus why the 
 > > vulnerability still exists in Trixie. 
 > 
 > About fixing this vulnerability in Trixie, please see: 
 > 
 > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1113750 
 > 
 > The Debian Release Team will review it before next stable point 
 > release. 
  
 I had overlooked that, thank you for pointing it out. 
  
 I guess the central "goal" of my email was to try to find a way to keep 
 password or similar leaks. In your opinion, do you think this issue or 
 a similar one has a high chance of occurring again in the future, or do 
 you think that this probably won't be a problem in the long run for 
 Forky and later? If it isn't going to resurface, then I don't think 
 there's any good reason for my initial request for package removal to 
 be considered. 
  
 Thanks for your time. 
  
 -- 
 Aaron 
  
 > Regards, 
 > 
  
  