Package: nheko Version: 0.11.3-2 Severity: critical Tags: upstream Justification: breaks unrelated software X-Debbugs-Cc: [email protected]
If Ungoogled Chromium ver 112 is running when Nheko is launched, the UC job freezes. No user i/o is accepted.. it becomes like a kind of software brick. UC cannot even be closed, only killed from the CLI. If UC is left alone in the frozen state until Nheko exits, then Nheko brings UC down with it. This report is tagged as /critical/ because it disasterously impacts another unrelated application. It’s also a local security problem because different X or Wayland apps should not have the capability of interfering with each other like this. But I did not tag the report as “security” because it’s not the sort of vuln that remote attackers could easily exploit without chaining other exploits. FWIW, the testing was done on a system running Wayland, Sway, and X Wayland. Also note that Ungoogled Chromium is not in official Debian repos. But Chromium is, so this defect likely impacts Chromium. I have not tested that myself but if someone confirms it, then this bug should be tagged as affecting Chromium. -- System Information: Debian Release: 12.11 APT prefers oldstable-updates APT policy: (990, 'oldstable-updates'), (990, 'oldstable-security'), (990, 'stable'), (990, 'oldstable'), (500, 'oldoldstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.10.0-28-amd64 (SMP w/2 CPU threads) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages nheko depends on: ii gstreamer1.0-nice 0.1.21-1 ii gstreamer1.0-qt5 1.22.0-5+deb12u2 ii libc6 2.36-9+deb12u10 ii libcmark0.30.2 0.30.2-6 ii libcpp-httplib0.11 0.11.4+ds-1+deb12u1 ii libcurl4 7.88.1-10+deb12u12 ii libevent-core-2.1-7 2.1.12-stable-8 ii libevent-pthreads-2.1-7 2.1.12-stable-8 ii libfmt9 9.1.0+ds1-2 ii libgcc-s1 12.2.0-14+deb12u1 ii libglib2.0-0 2.74.6-2+deb12u6 ii libgstreamer-plugins-bad1.0-0 1.22.0-4+deb12u6 ii libgstreamer-plugins-base1.0-0 1.22.0-3+deb12u4 ii libgstreamer1.0-0 1.22.0-2+deb12u1 ii liblmdb0 0.9.24-1 ii libolm3 3.2.13~dfsg-1 ii libqt5core5a 5.15.8+dfsg-11+deb12u3 ii libqt5dbus5 5.15.8+dfsg-11+deb12u3 ii libqt5gui5 5.15.8+dfsg-11+deb12u3 ii libqt5keychain1 0.13.2-5 ii libqt5multimedia5 5.15.8-2 ii libqt5multimedia5-plugins 5.15.8-2 ii libqt5network5 5.15.8+dfsg-11+deb12u3 ii libqt5qml5 5.15.8+dfsg-3 ii libqt5quick5 5.15.8+dfsg-3 ii libqt5svg5 5.15.8-3 ii libqt5widgets5 5.15.8+dfsg-11+deb12u3 ii libre2-9 20220601+dfsg-1+b1 ii libspdlog1.10 [libspdlog1.10-fmt9] 1:1.10.0+ds-0.4 ii libssl3 3.0.17-1~deb12u2 ii libstdc++6 12.2.0-14+deb12u1 ii libxcb-ewmh2 0.4.1-1.1 ii libxcb1 1.15-1 ii qml-module-qt-labs-animation 5.15.8+dfsg-3 ii qml-module-qt-labs-platform 5.15.8+dfsg-2 ii qml-module-qt-labs-settings 5.15.8+dfsg-3 ii qml-module-qtgraphicaleffects 5.15.8-2 ii qml-module-qtmultimedia 5.15.8-2 ii qml-module-qtquick-controls2 5.15.8+dfsg-2 ii qml-module-qtquick-layouts 5.15.8+dfsg-3 ii qml-module-qtquick-particles2 5.15.8+dfsg-3 ii qml-module-qtquick-window2 5.15.8+dfsg-3 ii qml-module-qtquick2 5.15.8+dfsg-3 Versions of packages nheko recommends: ii ca-certificates 20230311+deb12u1 ii fonts-noto-color-emoji 2.042-0+deb12u1 ii kimageformat-plugins 5.103.0-2 ii qt5-image-formats-plugins 5.15.8-2 Versions of packages nheko suggests: pn gstreamer1.0-vaapi <none> -- no debconf information
