Your message dated Tue, 03 Feb 2009 12:02:03 +0000
with message-id <e1lujyd-0004yr...@ries.debian.org>
and subject line Bug#510851: fixed in scim-qtimm 0.9.4-3
has caused the Debian Bug report #510851,
regarding [kdesktop] kdesktop_lock can be unlocked by scim
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
510851: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510851
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: kdesktop
Version: 4:3.5.9.dfsg.1-6
Severity: grave
Tags: security
X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org
It is possible to unlock kdesktop_lock on systems with configured scim without
entering a password. This makes it possible to access data of other users or
access random locked PCs (best place to start such an attack would be in some
Asian countries).
The system was configured as described in
http://ubuntuforums.org/showthread.php?p=2704098 but with Japanese tables.
You must be sure that scim is enabled (for example by pressing ctrl+space and
entering some test data). Then start kdesktop_lock manually by calling
`kdesktop_lock --forcelock` and move your mouse/press some key to start the
password dialog. Just press cancel and move your mouse or press something on
your keyboard again. This should crash kdesktop_lock and enable access to the
desktop.
It was tested on different systems and it could be reproduced on all.
This problem is also known by upstream, but they marked it as invalid because
kdesktop isn't maintained anymore (instead they think everybody should use KDE
4 stuff). http://bugs.kde.org/show_bug.cgi?id=149512
The only workaround seems to be to disable scim and stop writing in a foreign
language with complex characters... which is not acceptable.
--- System information. ---
Architecture: i386
Kernel: Linux 2.6.26-1
Debian Release: 5.0
500 unstable ftp.de.debian.org
500 testing debian.netcologne.de
--- Package information. ---
Depends                        (Version) | Installed
========================================-+-=====================
kdelibs4c2a                 (>= 4:3.5.9) | 4:3.5.10.dfsg.1-1
libc6                         (>= 2.7-1) | 2.7-16
libgcc1                     (>= 1:4.1.1) | 1:4.3.2-1.1
libgl1-mesa-glx                          | 7.2-1
 OR libgl1                               |
libglu1-mesa                             | 7.0.3-7
 OR libglu1                              |
libkonq4                    (>= 4:3.5.9) | 4:3.5.9.dfsg.1-6
libqt3-mt                  (>= 3:3.3.8b) | 3:3.3.8b-5
libstdc++6                    (>= 4.1.1) | 4.3.2-1.1
libx11-6                                 | 2:1.1.5-2
libxau6                                  | 1:1.0.3-3
libxcursor1                   (>> 1.1.2) | 1:1.1.9-1
libxext6                                 | 2:1.0.4-1
libxss1                                  | 1:1.1.3-1
libxxf86misc1                            | 1:1.0.1-3
kdebase-bin         (= 4:3.5.9.dfsg.1-6) | 4:3.5.9.dfsg.1-6
kdeeject                                 | 4:3.5.9.dfsg.1-6
--- End Message ---
--- Begin Message ---
Source: scim-qtimm
Source-Version: 0.9.4-3
We believe that the bug you reported is fixed in the latest version of
scim-qtimm, which is due to be installed in the Debian FTP archive:
scim-qtimm_0.9.4-3.diff.gz
to pool/main/s/scim-qtimm/scim-qtimm_0.9.4-3.diff.gz
scim-qtimm_0.9.4-3.dsc
to pool/main/s/scim-qtimm/scim-qtimm_0.9.4-3.dsc
scim-qtimm_0.9.4-3_amd64.deb
to pool/main/s/scim-qtimm/scim-qtimm_0.9.4-3_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 510...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Zhengpeng Hou <zhengpeng-...@ubuntu.com> (supplier of updated scim-qtimm
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 03 Feb 2009 03:11:46 +0000
Source: scim-qtimm
Binary: scim-qtimm
Architecture: source amd64
Version: 0.9.4-3
Distribution: unstable
Urgency: low
Maintainer: Zhengpeng Hou <zhengpeng-...@ubuntu.com>
Changed-By: Zhengpeng Hou <zhengpeng-...@ubuntu.com>
Description:
scim-qtimm - SCIM context plugin for qt-immodule
Closes: 432331 441596 450360 510851
Changes:
scim-qtimm (0.9.4-3) unstable; urgency=low
.
* Fix failed to report upstream version via debian/watch. (Closes: #450360)
* Add 11_qt_link.dpatch, make scim-qtimm link to qt3. (Closes: #432331)
* Add 12_configure.dpatch, fix ftbfs with gcc-4.3/gcc-snapshot. Closes:
#441596
* Add 20_reset-frontend-data.dpatch fix kdesktop_lock has problem
with scim. (Closes: #510851)
* Re-wrote debian/rules.
* Bump Standards Version to 3.8.0.
* Correct my first name in maintainer field.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Signed by Ana Guerrero
iEYEARECAAYFAkmIFtUACgkQn3j4POjENGGWcQCfaN1GFHQptoWdtnrAuPE9i2fF
aNgAn3ihw6HwfGR90Ojja/B03OJsKHbD
=QqRe
-----END PGP SIGNATURE-----
--- End Message ---
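
The bug was filed against kdesktop but closed by an upload of scim-qtimm 0.9.4-3, so the package to check on a workstation is scim-qtimm, not kdesktop. The following is an added example, not part of the original messages or of either package: it reimplements Debian's version ordering (epoch, upstream, revision, `~` sorting lowest) and classifies an inventory against the fixed version. The hostnames and installed versions are constructed sample data.

```python
import re

FIXED = "0.9.4-3"  # scim-qtimm version that closes #510851, per the notice above

def _order(c):
    """dpkg character weight: '~' first, then end of string, letters, others."""
    if c == "~":
        return -1
    if c == "":
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    """Compare two upstream or revision strings the way dpkg does."""
    while a or b:
        na, a = re.match(r"([^0-9]*)(.*)", a).groups()
        nb, b = re.match(r"([^0-9]*)(.*)", b).groups()
        for k in range(max(len(na), len(nb))):
            wa, wb = _order(na[k:k + 1]), _order(nb[k:k + 1])
            if wa != wb:
                return -1 if wa < wb else 1
        da, a = re.match(r"([0-9]*)(.*)", a).groups()
        db, b = re.match(r"([0-9]*)(.*)", b).groups()
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def _split(version):
    """Split '[epoch:]upstream[-revision]' into (epoch, upstream, revision)."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision

def deb_cmp(x, y):
    """Return -1, 0 or 1 as version x sorts before, equal to or after y."""
    (ex, ux, rx), (ey, uy, ry) = _split(x), _split(y)
    if ex != ey:
        return -1 if ex < ey else 1
    return _cmp_part(ux, uy) or _cmp_part(rx, ry)

def audit(inventory):
    """Map host -> 'not-installed', 'needs-upgrade' or 'fixed' for scim-qtimm."""
    return {h: "not-installed" if v is None else
               "fixed" if deb_cmp(v, FIXED) >= 0 else "needs-upgrade"
            for h, v in inventory.items()}

# Constructed sample inventory (hostnames and installed versions are made up).
SAMPLE = {"ws-01": "0.9.4-2", "ws-02": "0.9.4-3", "ws-03": "0.9.4-3~bpo1",
          "ws-04": "0.9.4-10", "ws-05": None}
```

On a single Debian host the same comparison is available as `dpkg --compare-versions <installed> ge 0.9.4-3`.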