[Bug 930384] Re: [MIR] xsettings-kde
Michael Terry
michael.terry at canonical.com
Mon Feb 13 21:30:20 UTC 2012
This is mostly fine. Simple enough program, simple packaging, not fast
moving. Does anyone know what the story is with Debian on this package?
It does use sprintf unsafely a few places, but always when reading from
a 'trusted' location like /etc/kderc. So doesn't seem like a reasonable
attack vector.
There is one low-quality red flag that I want to block on though:
kubuntu_gtktheme.patch introduces a compile warning that seems a genuine
problem:
xsettings-kde.c:443:11: warning: ‘password’ may be used uninitialized in
this function [-Wuninitialized]
Seems like the patch just needs to add a '= NULL" to the declaration of
password.
** Changed in: xsettings-kde (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to xsettings-kde in Ubuntu.
https://bugs.launchpad.net/bugs/930384
Title:
[MIR] xsettings-kde
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xsettings-kde/+bug/930384/+subscriptions
More information about the kubuntu-bugs
mailing list