Re: ibus/CVE-2019-14822/glibc

To: Emilio Pozuelo Monfort <pochu@debian.org>, debian-lts@lists.debian.org
Subject: Re: ibus/CVE-2019-14822/glibc
From: Brian May <bam@debian.org>
Date: Wed, 08 Jan 2020 17:16:30 +1100
Message-id: <[🔎] 87woa25v7l.fsf@silverfish.pri>
In-reply-to: <[🔎] a192ee5e-7a94-3403-8d1b-609950627612@debian.org>
References: <87k1741xt6.fsf@silverfish.pri> <87zhfwhm6s.fsf@silverfish.pri> <249f6fff-4f52-00a9-04e9-5092503894fc@debian.org> <[🔎] 87o8vh6rbl.fsf@silverfish.pri> <[🔎] 87lfql6pxo.fsf@silverfish.pri> <[🔎] 878smj7oyo.fsf@silverfish.pri> <[🔎] a192ee5e-7a94-3403-8d1b-609950627612@debian.org>

Emilio Pozuelo Monfort <pochu@debian.org> writes:

> Yes, that's the failing test I mentioned in my email. Building without the
> patches works for me. I am still looking at whether upgrading ibus is worth it
> due to the regression risk.

It looks like the 2nd patch that is doing this. Just the 1st patch is
fine.

My running theory at present is that the test is confused because
authentication is now required.

I have no idea whether this is worth it or not.

Possibly one option to think about is just patch ibus - that way the
security issue is solved, and wait and see if anybody complains about
the glib2.0 breakage.
-- 
Brian May <bam@debian.org>

Reply to:

Follow-Ups:
- Re: ibus/CVE-2019-14822/glibc
  - From: Brian May <bam@debian.org>

References:
- Re: ibus/CVE-2019-14822/glibc
  - From: Brian May <bam@debian.org>
- Re: ibus/CVE-2019-14822/glibc
  - From: Brian May <bam@debian.org>
- Re: ibus/CVE-2019-14822/glibc
  - From: Brian May <bam@debian.org>
- Re: ibus/CVE-2019-14822/glibc
  - From: Emilio Pozuelo Monfort <pochu@debian.org>

Prev by Date: LTS report for December 2019
Next by Date: Re: ibus/CVE-2019-14822/glibc
Previous by thread: Re: ibus/CVE-2019-14822/glibc
Next by thread: Re: ibus/CVE-2019-14822/glibc
Index(es):
- Date
- Thread