Your message dated Fri, 17 Apr 2020 16:22:10 +0000
with message-id <[email protected]>
and subject line Bug#956844: Removed package(s) from unstable
has caused the Debian Bug report #806960,
regarding Stardict leaking user data in default configuration.
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
806960: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806960
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: stardict
Version: 3.0.1-9.2
Severity: normal
Hi,
"stardict" program in default configuration have by default enabled
plugin "Dict.cn 1.0". This plugin sends every searched word by a plain
HTTP to a server dict.cn. Translated sentence is send even if local
dictionary of local central European language is used and even if
"Enable Network dictionaries" in setting is disabled.
Disabling plugin itself help, however this is not intuitive.
It is not evident that plugins ignore setting from a main settings menu,
a user is not noticed about sending a data in any way.
After years of using stardict, I became aware of this privacy leakage
just after warning from a friend analyzing network traffic.
People who enabled automatic translation of clipboard content
have their password send in plaintext over the network,
when they use a password manager. (I know about at least one such person)
Problematic behavior of stardict in default setting have been (not)
solved repeatedly, I think both reports are related to this plugin:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=613236
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534731
Stardict version seems to be the same in all debian versions,
from wheezy to sid.
I suggest disabling "Dict.cn" plugin in a default configuration.
cheers,
n.
-- System Information:
Debian Release: 7.9
APT prefers oldoldstable
APT policy: (500, 'oldoldstable'), (500, 'oldstable')
Architecture: i386 (i686)
Kernel: Linux 3.2.0-2-686-pae (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages stardict depends on:
ii stardict-gtk 3.0.1-9.2
stardict recommends no packages.
stardict suggests no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Version: 3.0.6+dfsg-0.3+rm
Dear submitter,
as the package stardict has just been removed from the Debian archive
unstable we hereby close the associated bug reports. We are sorry
that we couldn't deal with your issue properly.
For details on the removal, please see https://bugs.debian.org/956844
The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.
Please note that the changes have been done on the master archive and
will not propagate to any mirrors until the next dinstall run at the
earliest.
This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
[email protected].
Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)
--- End Message ---
