- The vulnerability has been fixed in 0.1.12-1ubuntu0.2 [1]. So, you
might have already updated it before reporting this bug.

    [1] https://launchpad.net/ubuntu/+source/libthai/0.1.12-1ubuntu0.2

- The vulnerability was later proved to be ineffective in libthai [2].
Instead, it's pango/glib that's vulnerable. So, if you want to get rid
of all packages with a security flaw, just remove pango instead. :P

    [2] https://bugzilla.redhat.com/show_bug.cgi?id=554416

- Regarding the dependency, nothing can be done in libthai to change
this. It's pango that pulls it in, according to upstream decision.
Before the merge, it used to be shipped as a separate third-party plug-
in. Well, if you ask for the re-split, one can ask for other language
engines to be split, too. So, this should be reassigned to pango, for
its maintainers to decide.

** Bug watch added: Red Hat Bugzilla #554416
   https://bugzilla.redhat.com/show_bug.cgi?id=554416

-- 
Hundreds of packages depend on libthai and libthai-data
https://bugs.launchpad.net/bugs/509919
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
