uim 0.4.5.1 is released. This release is for *security fix*. http://uim.freedesktop.org/releases/uim-0.4.5.1.tar.gz sha1sum:4a113fc3472fdf7561eb2ad57af189f94a7b17ee uim-0.4.5.1.tar.gz All uim except 0.4.5.1 and 0.4.6beta1 have a security hole. If you are using 'immodule for Qt' enabled Qt, you should upgrade your uim to 0.4.5.1 or 0.4.6beta1. (We'll release 0.4.6beta1 ASAP.) Brief of the bug ================ Vulnerability : privilege escalation Problem-Type : local Takumi ASAKI discovered that uim always trusts environment variables. But this is not correct behavior, sometimes environment variables shouldn't be trusted. This bug causes privilege escalation when libuim is linked against setuid/setgid application. Since GTK+ prohibits setuid/setgid applications, the bug appears only in 'immodule for Qt' enabled Qt. (Normal Qt is also safe.)
This is CAN-2005-0503 0.4.5.1 is already in the tree, needing stable keywords from alpha, amd64, ppc.
testing on ppc
Sorry for the dupe, please ignore this bug *** This bug has been marked as a duplicate of 82678 ***
stable on ppc