This is mostly fine. Simple enough program, simple packaging, not fast
moving. Does anyone know what the story is with Debian on this package?
It does use sprintf unsafely a few places, but always when reading from
a 'trusted' location like /etc/kderc. So doesn't seem like a reasonable
attack vector.
There is one low-quality red flag that I want to block on though:
kubuntu_gtktheme.patch introduces a compile warning that seems a genuine
problem:
xsettings-kde.c:443:11: warning: ‘password’ may be used uninitialized in
this function [-Wuninitialized]
Seems like the patch just needs to add a '= NULL" to the declaration of
password.
** Changed in: xsettings-kde (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to xsettings-kde in Ubuntu.
https://bugs.launchpad.net/bugs/930384
Title:
[MIR] xsettings-kde
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xsettings-kde/+bug/930384/+subscriptions
--
kubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/kubuntu-bugs
