Bug#941018: ibus 1.5.21-1 does not work with qt5 applications

Salvatore Bonaccorso carnil at debian.org
Sun Nov 3 16:51:09 GMT 2019

Hi Simon, and all others,

First: thanks for all your work and energy putted in into resolving
this issue.

On Wed, Oct 30, 2019 at 03:04:26PM +0000, Simon McVittie wrote:
> On Wed, 30 Oct 2019 at 15:45:19 +0100, Gunnar Hjalmarsson wrote:
> > Seeing that you included quite a few patches in this update, I have a
> > question as regards the stable releases. Are the commits included in
> > <https://gitlab.gnome.org/GNOME/glib/merge_requests/1176> a standalone set
> > of commits which would be sufficient for patching the stable releases in
> > order to fix the IBus/Qt issue? I'm asking with my Ubuntu glasses on at
> > first hand (in Ubuntu 16.04 we have glib2.0 2.48...), but the question does
> > reasonably apply to Debian too.
> I was hoping to let glib2.0 get some testing in unstable before
> backporting anything. A build of GLib with amd64, i386, build-time tests,
> autopkgtest and piuparts takes about an hour, and I have to do my actual
> job as well, so I can't iterate on this particularly rapidly.
> How do the security team want to handle this - as a stable update, or
> as a DSA? It isn't a security fix in its own right, but it fixes what
> is effectively a regression triggered by fixing CVE-2019-14822 in ibus
> (#940267, DSA-4525-1).

I would lean towards fixing it via a point release, still even if the
issue was uncovered/triggered by fixing CVE-2019-14822. This allows to
a have a slighter more exposure as well before the point release.

Would you agree? And have you the resources to prepare fixes?


More information about the pkg-gnome-maintainers mailing list