Bug#1113750: marked as done (trixie-pu: package stardict/3.0.7+git20220909+dfsg-8+deb13u1(CVE-2025-55014))

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Sat, 15 Nov 2025 11:21:45 +0000
with message-id <736c7150dc08501cc89945035c406eaf9688e144.camel@adam-barratt.org.uk>
and subject line Closing requests for updates included in 13.2
has caused the Debian Bug report #1113750,
regarding trixie-pu: package stardict/3.0.7+git20220909+dfsg-8+deb13u1(CVE-2025-55014)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1113750: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1113750
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: trixie-pu: package stardict/3.0.7+git20220909+dfsg-8+deb13u1(CVE-2025-55014)
• From: xiao sheng wen <atzlinux@debian.org>
• Date: Tue, 02 Sep 2025 11:56:24 +0800
• Message-id: <175678538424.78086.17597280787285404879.reportbug@localhost>

Package: release.debian.org
Severity: normal
Tags: trixie
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: atzlinux@debian.org
Control: affects -1 + src:stardict

[ Reason ]
Closes: #1110370 CVE-2025-55014
Closes: #806960

[ Impact ]
User will not install network-dictionary plugin default.
If user need to use network-dictionary function, it need to install new
stardict-plugin-network-dictionary package.

[ Tests ]
I installed the updated package on my notebook and tested it,
bugs and CVE fixed.

[ Risks ]
No known risks.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
 1. disable build and not install stardict_dictdotcn.so, Closes: #806960
 2. move stardict_youdaodict.so plugin from stardict-plugin package to a new
    binary package stardict-plugin-network-dictionary,
    these changes Closes: #1110370 CVE-2025-55014

[ Other info ]
 No.

This is my first stable update ever, please be gentle in case I
missed something :-)

Cheers!

xiao sheng wen (atzlinux)

diff -Nru stardict-3.0.7+git20220909+dfsg/debian/changelog stardict-3.0.7+git20220909+dfsg/debian/changelog
--- stardict-3.0.7+git20220909+dfsg/debian/changelog	2024-08-16 15:48:15.000000000 +0800
+++ stardict-3.0.7+git20220909+dfsg/debian/changelog	2025-09-02 10:34:26.000000000 +0800
@@ -1,3 +1,26 @@
+stardict (3.0.7+git20220909+dfsg-8+deb13u1) trixie; urgency=medium
+
+  * Update d/gbp.conf for trixie-specific
+
+ -- xiao sheng wen <atzlinux@sina.com>  Tue, 02 Sep 2025 10:34:26 +0800
+
+stardict (3.0.7+git20220909+dfsg-8) unstable; urgency=medium
+
+  * remove stardict_youdaodict.so plugin from stardict-plugin package,
+    Closes: #1110370 CVE-2025-55014
+  * split network-dictionary plugin to a new binary package
+    stardict-plugin-network-dictionary
+  * add d/NEWS.Debian
+
+ -- xiao sheng wen <atzlinux@sina.com>  Mon, 11 Aug 2025 10:46:11 +0800
+
+stardict (3.0.7+git20220909+dfsg-7) unstable; urgency=medium
+
+  * d/stardict-plugin.install:not install stardict_dictdotcn.so, Closes: #806960
+  * d/rules:Added --disable-dictdotcn option, dictdotcn is not provid server now
+
+ -- xiao sheng wen <atzlinux@sina.com>  Wed, 06 Aug 2025 14:09:39 +0800
+
 stardict (3.0.7+git20220909+dfsg-6) unstable; urgency=medium
 
   * add d/p/fix-gcc14-FTBFS#1078396.patch (Closes: #1078396) Thanks Nilesh Patra
diff -Nru stardict-3.0.7+git20220909+dfsg/debian/control stardict-3.0.7+git20220909+dfsg/debian/control
--- stardict-3.0.7+git20220909+dfsg/debian/control	2024-07-06 16:38:36.000000000 +0800
+++ stardict-3.0.7+git20220909+dfsg/debian/control	2025-09-02 10:23:51.000000000 +0800
@@ -237,6 +237,35 @@
  To use this info plugin, please input "info" prefix before string.
  For example: "info printf".
 
+Package: stardict-plugin-network-dictionary
+Architecture: any
+Depends:
+ ${misc:Depends}, ${shlibs:Depends},
+ stardict-gtk (= ${binary:Version}),
+Recommends: stardict-plugin (= ${binary:Version})
+Replaces: stardict-plugin
+Description: International dictionary lookup program - network dictionary plugin
+ StarDict is a cross-platform international dictionary lookup program.
+ .
+ Main features:
+  * Glob-style pattern matching search
+  * Fuzzy search
+  * Working from system tray
+  * Scanning mouse selection and showing pop-up windows with translation of
+    selected words
+  * Pronouncing of the translated words
+  * Plugins support
+  * ..and more
+ .
+ This package contains network-dictionary plugin for StarDict which can query
+ word through the network.
+ .
+ *Warning*
+  * The query word will send through the network use plain-text in this plugin!
+  * Please do *NOT* selects any confidential data to query dictionary
+  * When enable "Scan" function on stardict, the selected text will sended on
+    the net at once.
+
 Package: stardict-plugin
 Architecture: any
 Depends:
@@ -251,6 +280,7 @@
  stardict-plugin-cal (= ${binary:Version}),
  stardict-plugin-fortune (= ${binary:Version}),
  stardict-plugin-info (= ${binary:Version}),
+ stardict-plugin-network-dictionary (= ${binary:Version}),
 Description: International dictionary lookup program - common plugins
  StarDict is a cross-platform international dictionary lookup program.
  .
@@ -277,7 +307,6 @@
   - stardict_flite plugin
   - stardict_gucharmap plugin
   - stardict_update_info plugin
-  - stardict_youdaodict plugin
   - stardict_multi_cmd plugin(add in 3.0.7+git20220909)
 
 Package: stardict-common
diff -Nru stardict-3.0.7+git20220909+dfsg/debian/gbp.conf stardict-3.0.7+git20220909+dfsg/debian/gbp.conf
--- stardict-3.0.7+git20220909+dfsg/debian/gbp.conf	2024-07-06 16:38:36.000000000 +0800
+++ stardict-3.0.7+git20220909+dfsg/debian/gbp.conf	2025-09-02 10:33:19.000000000 +0800
@@ -1,4 +1,5 @@
 [DEFAULT]
+debian-branch = debian/trixie
 pristine-tar = True
 
 [pq]
diff -Nru stardict-3.0.7+git20220909+dfsg/debian/NEWS.Debian stardict-3.0.7+git20220909+dfsg/debian/NEWS.Debian
--- stardict-3.0.7+git20220909+dfsg/debian/NEWS.Debian	1970-01-01 08:00:00.000000000 +0800
+++ stardict-3.0.7+git20220909+dfsg/debian/NEWS.Debian	2025-09-02 10:23:51.000000000 +0800
@@ -0,0 +1,13 @@
+stardict (3.0.7+git20220909+dfsg-8) unstable; urgency=medium
+
+  The stardict_youdaodict.so plugin is remove from stardict-plugin package,
+  and move them to a new binary package stardict-plugin-network-dictionary.
+
+ -- xiao sheng wen <atzlinux@debian.org>  Mon, 11 Aug 2025 10:36:28 +0800
+
+stardict (3.0.7+git20220909+dfsg-7) unstable; urgency=medium
+
+  This version disable the stardict_dictdotcn.so plugin in stardict-plugin
+  package, as dictdotcn is not in services.
+
+ -- xiao sheng wen <atzlinux@sina.com>  Wed, 06 Aug 2025 14:09:39 +0800
diff -Nru stardict-3.0.7+git20220909+dfsg/debian/rules stardict-3.0.7+git20220909+dfsg/debian/rules
--- stardict-3.0.7+git20220909+dfsg/debian/rules	2024-07-06 16:38:36.000000000 +0800
+++ stardict-3.0.7+git20220909+dfsg/debian/rules	2025-09-02 10:23:51.000000000 +0800
@@ -14,6 +14,7 @@
 
 override_dh_auto_configure:
 	dh_auto_configure -- \
+               --disable-dictdotcn \
                --disable-gnome-support
 
 execute_after_dh_auto_build:
diff -Nru stardict-3.0.7+git20220909+dfsg/debian/stardict-plugin.install stardict-3.0.7+git20220909+dfsg/debian/stardict-plugin.install
--- stardict-3.0.7+git20220909+dfsg/debian/stardict-plugin.install	2024-07-06 16:38:36.000000000 +0800
+++ stardict-3.0.7+git20220909+dfsg/debian/stardict-plugin.install	2025-09-02 10:23:51.000000000 +0800
@@ -6,11 +6,9 @@
 usr/lib/*/stardict/plugins/stardict_powerword_parsedata.so
 usr/lib/*/stardict/plugins/stardict_wordnet_parsedata.so
 usr/lib/*/stardict/plugins/stardict_wiki_parsedata.so
-usr/lib/*/stardict/plugins/stardict_dictdotcn.so
 usr/lib/*/stardict/plugins/customdict.so
 usr/lib/*/stardict/plugins/stardict_espeak_ng.so
 usr/lib/*/stardict/plugins/stardict_flite.so
 usr/lib/*/stardict/plugins/stardict_gucharmap.so
 usr/lib/*/stardict/plugins/stardict_update_info.so
-usr/lib/*/stardict/plugins/stardict_youdaodict.so
 usr/lib/*/stardict/plugins/stardict_multi_cmd.so
diff -Nru stardict-3.0.7+git20220909+dfsg/debian/stardict-plugin-network-dictionary.install stardict-3.0.7+git20220909+dfsg/debian/stardict-plugin-network-dictionary.install
--- stardict-3.0.7+git20220909+dfsg/debian/stardict-plugin-network-dictionary.install	1970-01-01 08:00:00.000000000 +0800
+++ stardict-3.0.7+git20220909+dfsg/debian/stardict-plugin-network-dictionary.install	2025-09-02 10:23:51.000000000 +0800
@@ -0,0 +1 @@
+usr/lib/*/stardict/plugins/stardict_youdaodict.so

--- End Message ---

--- Begin Message ---

• To: 1110859-done@bugs.debian.org, 1111236-done@bugs.debian.org, 1111733-done@bugs.debian.org, 1111734-done@bugs.debian.org, 1111808-done@bugs.debian.org, 1111819-done@bugs.debian.org, 1112097-done@bugs.debian.org, 1112120-done@bugs.debian.org, 1112256-done@bugs.debian.org, 1112261-done@bugs.debian.org, 1112276-done@bugs.debian.org, 1112282-done@bugs.debian.org, 1112283-done@bugs.debian.org, 1112380-done@bugs.debian.org, 1112479-done@bugs.debian.org, 1112557-done@bugs.debian.org, 1112668-done@bugs.debian.org, 1112671-done@bugs.debian.org, 1113711-done@bugs.debian.org, 1113750-done@bugs.debian.org, 1113757-done@bugs.debian.org, 1113761-done@bugs.debian.org, 1113778-done@bugs.debian.org, 1113799-done@bugs.debian.org, 1113804-done@bugs.debian.org, 1113860-done@bugs.debian.org, 1113882-done@bugs.debian.org, 1113902-done@bugs.debian.org, 1113904-done@bugs.debian.org, 1113961-done@bugs.debian.org, 1113979-done@bugs.debian.org, 1114595-done@bugs.debian.org, 1114684-done@bugs.debian.org, 1114755-done@bugs.debian.org, 1114855-done@bugs.debian.org, 1114929-done@bugs.debian.org, 1114979-done@bugs.debian.org, 1115257-done@bugs.debian.org, 1115486-done@bugs.debian.org, 1115530-done@bugs.debian.org, 1115749-done@bugs.debian.org, 1115815-done@bugs.debian.org, 1115860-done@bugs.debian.org, 1115899-done@bugs.debian.org, 1115914-done@bugs.debian.org, 1116012-done@bugs.debian.org, 1116020-done@bugs.debian.org, 1116040-done@bugs.debian.org, 1116053-done@bugs.debian.org, 1116127-done@bugs.debian.org, 1116196-done@bugs.debian.org, 1116201-done@bugs.debian.org, 1116386-done@bugs.debian.org, 1116523-done@bugs.debian.org, 1116526-done@bugs.debian.org, 1116547-done@bugs.debian.org, 1116575-done@bugs.debian.org, 1116665-done@bugs.debian.org, 1116705-done@bugs.debian.org, 1116938-done@bugs.debian.org, 1116945-done@bugs.debian.org, 1116983-done@bugs.debian.org, 1117467-done@bugs.debian.org, 1117469-done@bugs.debian.org, 1117828-done@bugs.debian.org, 1117843-done@bugs.debian.org, 1117876-done@bugs.debian.org, 1117909-done@bugs.debian.org, 1118008-done@bugs.debian.org, 1118037-done@bugs.debian.org, 1118047-done@bugs.debian.org, 1118228-done@bugs.debian.org, 1118374-done@bugs.debian.org, 1118434-done@bugs.debian.org, 1118443-done@bugs.debian.org, 1118458-done@bugs.debian.org, 1118547-done@bugs.debian.org, 1118657-done@bugs.debian.org, 1118663-done@bugs.debian.org, 1118673-done@bugs.debian.org, 1118674-done@bugs.debian.org, 1118737-done@bugs.debian.org, 1119085-done@bugs.debian.org, 1119088-done@bugs.debian.org, 1119115-done@bugs.debian.org, 1119136-done@bugs.debian.org, 1119142-done@bugs.debian.org, 1119256-done@bugs.debian.org, 1119286-done@bugs.debian.org, 1119287-done@bugs.debian.org, 1119288-done@bugs.debian.org, 1119291-done@bugs.debian.org, 1119301-done@bugs.debian.org, 1119303-done@bugs.debian.org, 1119719-done@bugs.debian.org, 1119798-done@bugs.debian.org, 1119854-done@bugs.debian.org, 1119909-done@bugs.debian.org, 1120048-done@bugs.debian.org, 1120050-done@bugs.debian.org, 1120054-done@bugs.debian.org, 1120125-done@bugs.debian.org, 1120129-done@bugs.debian.org, 1120143-done@bugs.debian.org, 1120145-done@bugs.debian.org, 1120148-done@bugs.debian.org, 1120151-done@bugs.debian.org, 1120262-done@bugs.debian.org, 1120278-done@bugs.debian.org, 1120289-done@bugs.debian.org, 1120325-done@bugs.debian.org, 1120345-done@bugs.debian.org, 1120350-done@bugs.debian.org, 1120358-done@bugs.debian.org, 1120360-done@bugs.debian.org, 1120445-done@bugs.debian.org
• Subject: Closing requests for updates included in 13.2
• From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
• Date: Sat, 15 Nov 2025 11:21:45 +0000
• Message-id: <736c7150dc08501cc89945035c406eaf9688e144.camel@adam-barratt.org.uk>

Package: release.debian.org
Version: 13.2

Hi,

The updates referenced in each of these bugs were included in today's
13.2 trixie point release.

Regards,

Adam

--- End Message ---