Package: ibus / 1.5.14-3+deb9u2
Metadata
Package | Version | Patches format |
---|---|---|
ibus | 1.5.14-3+deb9u2 | 3.0 (quilt) |
Patch series
view the series filePatch | File delta | Description |
---|---|---|
ibus xx f19 password.patch | (download) |
client/gtk3/ibusimcontext.c |
12 12 + 0 - 0 ! |
sed s/gtk2/gtk3/g ibus-xx-f19-password.patch |
ibus xx setup frequent lang.patch | (download) |
data/ibus.schemas.in |
168 168 + 0 - 0 ! |
[patch] enable ibus-setup to show the frequently used languages only in IME list. |
CVE 2019 14822.patch | (download) |
bus/server.c |
75 66 + 9 - 0 ! |
[patch] bus: implement gdbusauthobserver callback ibus uses a GDBusServer with G_DBUS_SERVER_FLAGS_AUTHENTICATION_ALLOW_ANONYMOUS, and doesn't set a GDBusAuthObserver, which allows anyone who can connect to its AF_UNIX socket to authenticate and be authorized to send method calls. It also seems to use an abstract AF_UNIX socket, which does not have filesystem permissions, so the practical effect might be that a local attacker can connect to another user's ibus service and make arbitrary method calls. BUGS=rhbz#1717958 [Salvatore Bonaccorso: Backport to 1.5.19 - Adjust for context changes - Drop update to copyright statements ] [Salvatore Bonaccorso: Backport to 1.5.14 - Adjust for context changes - Drop huncks marking user_data with G_GNUC_UNUSED for _server_connect_start_portal_cb and bus_acquired_handler as not present in 1.5.14. ] |
1