X-Debbugs-CC: debian-security@lists.debian.org 在 2019-09-23一的 17:52 +0200,Gunnar Hjalmarsson写道: > It may be worth mentioning that Ubuntu's security team has disabled > CVE-2019-14822.patch in the stable releases for now. (With my Debian Input Method Team member hat on) While we are still waiting for an upstream fix, I think having security flaw might be better than broken, at least in Sid. Maybe we could revert the problematic CVE fix for now? Of course it would be best if anyone can come up with a patch that fixes both CVE-2019-14822 and the usability issue for Qt5 apps. I'm also interested in the attitude of Security Team towards the broken ibus in buster-security. Best, Boyuan Yang
Attachment:
signature.asc
Description: This is a digitally signed message part