Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 4 Nov 2013 22:37:11 +0900
From: Fuminobu TAKEYAMA <ftake@...ko.jp>
To: Marcus Meissner <meissner@...e.de>
Cc: OSS Security List <oss-security@...ts.openwall.com>
Subject: Re: CVE Request: IBUS showing passwords during password input

Hello,

> The behaviour started (I think) with with IBUS 1.5.4
Yes. It happens on IBus-enabled GNOME 3.6+ with IBus 1.5.4 if IBus's
engines (plug-ins) do not support new API introduced by 1.5.4.

Actually, this problem is not found by me, though.
The upstream has already announced in [1].

An IBus developer (Mr. Fuijiwara) says in [1]:
"1.5.2 or lower do not handle the input purpose so the typed chars are
shown as the bug."
So I think the same problem may happen also on GNOME 3.6 + IBus 1.5.2.

[1] https://groups.google.com/forum/#!topic/ibus-user/mvCHDO1BJUw

Best regards,
Fuminobu TAKEYAMA

2013/11/4 Marcus Meissner <meissner@...e.de>:
> Hi,
>
> One of our Japanese users found that some IBUS input methods
> show passwords while typing them, if a special "intent" is not
> provided.
>
> https://bugzilla.novell.com/show_bug.cgi?id=847718
> https://groups.google.com/forum/#!topic/ibus-user/mvCHDO1BJUw
>
> The behaviour started (I think) with with IBUS 1.5.4
>
> Fuminobu Takeyama, is this correct?
>
> Ciao, Marcus

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.