A security issue fixed upstream in ibus has been announced: https://www.openwall.com/lists/oss-security/2019/09/13/1 The commit that fixed it is linked in the message above. Mageia 6 and Mageia 7 are also affected.
Whiteboard: (none) => MGA7TOO, MGA6TOO
Done for Cauldron, mga7 and mga6!
CC: (none) => geiger.david68210
I hope base system is the most appropriate assignee for this. Otherwise it would be for anybody (pkg-bugs).
Assignee: bugsquad => basesystem
Advisory: ======================== Updated ibus packages fix security vulnerability: It was discovered that any unprivileged user could monitor and send method calls to the ibus bus of another user, due to a misconfiguration during the setup of the DBus server. When ibus is in use, a local attacker, who discovers the UNIX socket used by another user connected on a graphical environment, could use this flaw to intercept all keystrokes of the victim user or modify input related configurations through DBus method calls (CVE-2019-14822). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14822 https://www.openwall.com/lists/oss-security/2019/09/13/1 ======================== Updated packages in core/updates_testing: ======================== ibus-1.5.16-3.1.mga6 libibus1.0_5-1.5.16-3.1.mga6 libibus-gir1.0-1.5.16-3.1.mga6 ibus-devel-1.5.16-3.1.mga6 ibus-ui-gtk3-1.5.16-3.1.mga6 ibus-gtk-1.5.16-3.1.mga6 ibus-gtk3-1.5.16-3.1.mga6 ibus-1.5.20-1.1.mga7 libibus1.0_5-1.5.20-1.1.mga7 libibus-gir1.0-1.5.20-1.1.mga7 ibus-devel-1.5.20-1.1.mga7 ibus-ui-gtk3-1.5.20-1.1.mga7 ibus-gtk-1.5.20-1.1.mga7 ibus-gtk3-1.5.20-1.1.mga7 from SRPMS: ibus-1.5.16-3.1.mga6.src.rpm ibus-1.5.20-1.1.mga7.src.rpm
Version: Cauldron => 7Assignee: basesystem => qa-bugsWhiteboard: MGA7TOO, MGA6TOO => MGA6TOO
MGA6-64 Plasma on Lenovo B50 No installation issues. Bug 16317 tells me that this package has to do with Chinese characters and impacted firefox at that time. I cann't see any bad effects on Firefox withthenew version, but a test by someone who actually uses Chinese characters would be nice to OK this update.
CC: (none) => herman.viaene
mga7, x86_64 Wikipedia has: "an input method (IM) framework for multilingual input in Unix-like operating-systems" Checked the list of RPMs and installed anything missing. All updated cleanly. $ rpm -qa | grep ibus ibus-ui-gtk3-1.5.20-1.1.mga7 ibus-devel-1.5.20-1.1.mga7 ibus-gtk3-1.5.20-1.1.mga7 lib64ibus1.0_5-1.5.20-1.1.mga7 lib64ibus-gir1.0-1.5.20-1.1.mga7 ibus-gtk-1.5.20-1.1.mga7 ibus-1.5.20-1.1.mga I agree with Herman that tests of Firefox with other languages, not necessarily Chinese, after the update, would provide some reassurance. Office productivity suites like LibreOffice as well maybe? Giving this a tentative OK for 64bits.
Whiteboard: MGA6TOO => MGA6TOO MGA7-64-OKCC: (none) => tarazed25
mga6, x86_64 All seven base packages already installed. They all updated cleanly. Following comments 4 and 5 this is about all we can do.
Whiteboard: MGA6TOO MGA7-64-OK => MGA6TOO MGA6-64-OK MGA7-64-OK
Validating. Advisory in Comment 3.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
Advisory uploaded.
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0284.html
Status: NEW => RESOLVEDResolution: (none) => FIXED