Hi, I just upload it, this package has been put into the NEW queue again. https://ftp-master.debian.org/new/stardict_3.0.7+git20220909+dfsg-8+deb13u1.html The version 3.0.7+git20220909+dfsg-8 already passed the NEW queue in sid before. 在 2025/9/2 11:56, xiao sheng wen 写道: > Package: release.debian.org > Severity: normal > Tags: trixie > User: release.debian.org@packages.debian.org > Usertags: pu > X-Debbugs-Cc: atzlinux@debian.org > Control: affects -1 + src:stardict > > [ Reason ] > Closes: #1110370 CVE-2025-55014 > Closes: #806960 > > [ Impact ] > User will not install network-dictionary plugin default. > If user need to use network-dictionary function, it need to install new > stardict-plugin-network-dictionary package. > > [ Tests ] > I installed the updated package on my notebook and tested it, > bugs and CVE fixed. > > [ Risks ] > No known risks. > > [ Checklist ] > [x] *all* changes are documented in the d/changelog > [x] I reviewed all changes and I approve them > [x] attach debdiff against the package in stable > [x] the issue is verified as fixed in unstable > > [ Changes ] > 1. disable build and not install stardict_dictdotcn.so, Closes: #806960 > 2. move stardict_youdaodict.so plugin from stardict-plugin package to a new > binary package stardict-plugin-network-dictionary, > these changes Closes: #1110370 CVE-2025-55014 > > [ Other info ] > No. > > This is my first stable update ever, please be gentle in case I > missed something :-) > > Cheers! > > xiao sheng wen (atzlinux) -- 肖盛文 xiao sheng wen -- Debian Developer(atzlinux) Debian QA page: https://qa.debian.org/developer.php?login=atzlinux%40debian.org Debian salsa: https://salsa.debian.org/atzlinux-guest GnuPG Public Key: 0x00186602339240CB
Attachment:
OpenPGP_0x00186602339240CB.asc
Description: OpenPGP public key
Attachment:
OpenPGP_signature.asc
Description: OpenPGP digital signature