Ubuntu
uim package

uim: privilege escalation before 0.4.9.1

Bug #3328 reported by Yagisan on 2005-10-18

Affects		Status	Importance	Assigned to	Milestone
	uim (Ubuntu)	Fix Released	Medium	MOTU
	Breezy	Fix Released	Medium	MOTU

Bug Description

All uim releases before 0.4.9.1 have a security bug, which causes
privilege escalation if applications linked to libuim is set
setuid/setgid.

Patch is here http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=331620

CVE References

2005-3149

Daniel Holbach (dholbach) on 2005-10-19

Changed in uim:
assignee:	nobody → motu

Benjamin Montgomery (bmonty) on 2005-11-07

Changed in uim:
status:	New → Accepted

Revision history for this message

Benjamin Montgomery (bmonty) wrote on 2005-11-07: uim_0.4.7-1ubuntu2.debdiff

uim_0.4.7-1ubuntu2.debdiff Edit (3.5 KiB, text/plain)

This debdiff fixes this issue for the uim in breezy. It has been sent to <email address hidden>.

Revision history for this message

Benjamin Montgomery (bmonty) wrote on 2005-11-07:

Sent a request to the debian maintainer to remove the pm-dev build depend from the debian package. If this depend is removed, we can sync uim from debian. If not, we will have to create another ubuntu version of the uim package for dapper.

Benjamin Montgomery (bmonty) on 2005-11-07

Changed in uim:
assignee:	nobody → motu
status:	New → Accepted

Benjamin Montgomery (bmonty) on 2005-11-09

Changed in uim:
status:	Accepted → Fixed
status:	Accepted → Fixed

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Patches

uim_0.4.7-1ubuntu2.debdiff Edit

Add patch

Remote bug watches

debbugs #331620
[done serious sarge patch security] Edit

Bug watches keep track of this bug in other bug trackers.

Ubuntuuim package