Hi Michael, Thanks for the heads-up.
On Fri, May 31, 2019 at 12:26:58PM +0200, Michael Biebl wrote: > Am 30.05.19 um 04:36 schrieb Paul Wise: > > On Wed, 2019-05-29 at 12:57 +0200, Michael Biebl wrote: > > > >>> This has been implemented in 1.8.22. > >> This is apparently implemented as well. > > > > Thanks for the notice. > > > >> https://gitlab.gnome.org/GNOME/network-manager-applet/merge_requests/45 > > > > This appears to introduce an embedded code copy, you might want to let > > the security team know about that once it reaches Debian. > > Sure. > > Dear security team, > network-manager-applet 1.8.22 has been uploaded to experimental. It uses > an internal copy of > https://www.nayuki.io/page/qr-code-generator-library > which afaics is not (yet) packaged for Debian. > See > https://salsa.debian.org/utopia-team/network-manager-applet/blob/experimental/src/libnma/qrcodegen.c Is that the same as src:qr-code-generator as present in unstable, cf. https://tracker.debian.org/pkg/qr-code-generator . Is the network-manager-applet embedded copy unmodified? If so it would be preferable if network-manager-applet could switch to the system one. Regards, Salvatore
