Your message dated Tue, 26 Aug 2025 20:10:32 +0000
with message-id <[email protected]>
and subject line Bug#1110370: fixed in stardict 3.0.7+git20220909+dfsg-8
has caused the Debian Bug report #1110370,
regarding stardict-plugin: CVE-2025-55014: YouDao plugin sends the user's
selection from other apps to Chinese servers
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1110370: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110370
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: stardict-plugin
Version: 3.0.7+git20220909+dfsg-6
Severity: critical
Tags: security
X-Debbugs-Cc: Debian Security Team <[email protected]>
When I run "stardict", the following occurs:
The YouDao plugin opens a calendar in its own window (see attached
screenshot). That's disturbing. What's the relation with a dictionary???
Moreover, it interferes with other applications, once I select
some text, showing a similar calendar window. Worse, "strace"
shows that it sends whatever the user selects on the net!!!
For instance, when I select "relation", strace shows:
911565 write(16, "GET HTTP://dict.youdao.com/fsearch?q=relation
HTTP/1.0\r\nUser-Agent: Mozilla/4.0(compatible;MSIE 5.00;Windows 98)\r\nAccept:
*/*\r\nHost: dict.youdao.com\r\nConnection: close\r\n\r\n", 171) = 171
and also
911565 write(17, "GET HTTP://dict.cn/ws.php?utf8=true&q=relation
HTTP/1.0\r\nUser-Agent: Mozilla/4.0(compatible;MSIE 5.00;Windows 98)\r\nAccept:
*/*\r\nHost: dict.cn\r\nConnection: close\r\n\r\n", 164) = 164
Imagine what could happen when the user selects some confidential
data...
Such a "feature" should never be enabled by default!
-- System Information:
Debian Release: 13.0
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'testing-security'), (500,
'stable-updates'), (500, 'stable-security'), (500, 'stable-debug'), (500,
'proposed-updates-debug'), (500, 'unstable'), (500, 'testing'), (500,
'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 6.7.12-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages stardict-plugin depends on:
ii libc6 2.41-11
ii libespeak-ng1 1.52.0+dfsg-5
ii libflite1 2.2-7
ii libgcc-s1 14.2.0-19
ii libglib2.0-0t64 2.84.3-1
ii libgucharmap-2-90-7 1:15.1.5-1+b1
ii libstdc++6 14.2.0-19
ii man-db 2.13.1-1
ii ncal 12.1.8
ii stardict-gtk 3.0.7+git20220909+dfsg-6
stardict-plugin recommends no packages.
Versions of packages stardict-plugin suggests:
pn stardict-plugin-cal <none>
pn stardict-plugin-espeak <none>
pn stardict-plugin-festival <none>
pn stardict-plugin-fortune <none>
pn stardict-plugin-info <none>
pn stardict-plugin-spell <none>
-- no debconf information
--
Vincent Lefèvre <[email protected]> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / Pascaline project (LIP, ENS-Lyon)
--- End Message ---
--- Begin Message ---
Source: stardict
Source-Version: 3.0.7+git20220909+dfsg-8
Done: xiao sheng wen <[email protected]>
We believe that the bug you reported is fixed in the latest version of
stardict, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
xiao sheng wen <[email protected]> (supplier of updated stardict package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 11 Aug 2025 10:46:11 +0800
Source: stardict
Binary: stardict stardict-common stardict-gtk stardict-gtk-dbgsym
stardict-plugin stardict-plugin-cal stardict-plugin-cal-dbgsym
stardict-plugin-dbgsym stardict-plugin-espeak stardict-plugin-espeak-dbgsym
stardict-plugin-festival stardict-plugin-festival-dbgsym
stardict-plugin-fortune stardict-plugin-fortune-dbgsym stardict-plugin-info
stardict-plugin-info-dbgsym stardict-plugin-network-dictionary
stardict-plugin-network-dictionary-dbgsym stardict-plugin-spell
stardict-plugin-spell-dbgsym stardict-tools stardict-tools-dbgsym
Architecture: source all amd64
Version: 3.0.7+git20220909+dfsg-8
Distribution: unstable
Urgency: medium
Maintainer: xiao sheng wen <[email protected]>
Changed-By: xiao sheng wen <[email protected]>
Description:
stardict - International dictionary lookup program - stardict.png icons
stardict-common - International dictionary lookup program - data files
stardict-gtk - International dictionary lookup program - gtk
stardict-plugin - International dictionary lookup program - common plugins
stardict-plugin-cal - International dictionary lookup program - cal plugin
stardict-plugin-espeak - International dictionary lookup program - eSpeak TTS
plugin
stardict-plugin-festival - International dictionary lookup program - Festival
TTS plugin
stardict-plugin-fortune - International dictionary lookup program - fortune
plugin
stardict-plugin-info - International dictionary lookup program - info plugin
stardict-plugin-network-dictionary - International dictionary lookup program -
network dictionary plug
stardict-plugin-spell - International dictionary lookup program - spell plugin
stardict-tools - dictionary conversion tools of stardict
Closes: 1110370
Changes:
stardict (3.0.7+git20220909+dfsg-8) unstable; urgency=medium
.
* remove stardict_youdaodict.so plugin from stardict-plugin package,
Closes: #1110370 CVE-2025-55014
* split network-dictionary plugin to a new binary package
stardict-plugin-network-dictionary
* add d/NEWS.Debian
Checksums-Sha1:
f069d4dfcf467dbb20f875d9bcaad53a278155f1 3188
stardict_3.0.7+git20220909+dfsg-8.dsc
d5eaa093aefe3dc528e5064d4206b6900810bcce 23460
stardict_3.0.7+git20220909+dfsg-8.debian.tar.xz
5f7cdad2916963ecd6ee30332560c72f72449282 1147288
stardict-common_3.0.7+git20220909+dfsg-8_all.deb
9e2bb9b873124012eba31a40a98a29a63a587008 5736540
stardict-gtk-dbgsym_3.0.7+git20220909+dfsg-8_amd64.deb
e3b0e48f771eaffa3a390e6bd95f69128e1eee52 421064
stardict-gtk_3.0.7+git20220909+dfsg-8_amd64.deb
900c3085a569aecb1a4f11cd7d86a1e07283aac0 27792
stardict-plugin-cal-dbgsym_3.0.7+git20220909+dfsg-8_amd64.deb
83eaf5975eadc1544a18d429de50b5420e33ab7e 11224
stardict-plugin-cal_3.0.7+git20220909+dfsg-8_amd64.deb
62cd6a2ec372d7193c0eb512fbfc4f191dee0995 1365952
stardict-plugin-dbgsym_3.0.7+git20220909+dfsg-8_amd64.deb
1a9acfdc829009abcdc689b652a08a5111f506e9 35928
stardict-plugin-espeak-dbgsym_3.0.7+git20220909+dfsg-8_amd64.deb
da2710ec5dfecf967703799bf217fd0bc18b5616 12500
stardict-plugin-espeak_3.0.7+git20220909+dfsg-8_amd64.deb
85ac095bc0e471d91ec86a92e44de966840e790b 83008
stardict-plugin-festival-dbgsym_3.0.7+git20220909+dfsg-8_amd64.deb
0fa48865461f97ac89bee2baab0f9a5ded1f8fac 443288
stardict-plugin-festival_3.0.7+git20220909+dfsg-8_amd64.deb
07b152e7d59c1b18fb17a991e1a12f8b6621e0c9 27776
stardict-plugin-fortune-dbgsym_3.0.7+git20220909+dfsg-8_amd64.deb
7226e82d76490268ab0675654f64ef73a7463ee6 11252
stardict-plugin-fortune_3.0.7+git20220909+dfsg-8_amd64.deb
ab4922cb3466e9c4f7d7a888a05025575c99c202 36680
stardict-plugin-info-dbgsym_3.0.7+git20220909+dfsg-8_amd64.deb
3b9c1657656c549abd0b450725d14185422f9e10 12336
stardict-plugin-info_3.0.7+git20220909+dfsg-8_amd64.deb
51e18b6a2a21e2a68fa36a5511888d9d0d919742 90180
stardict-plugin-network-dictionary-dbgsym_3.0.7+git20220909+dfsg-8_amd64.deb
e3be27c9d36cb6fc67ddbf6fca7cbaecadf24a6f 14096
stardict-plugin-network-dictionary_3.0.7+git20220909+dfsg-8_amd64.deb
2692d09cf8d8adff3f3444f1f7af939ffcd4f25d 99300
stardict-plugin-spell-dbgsym_3.0.7+git20220909+dfsg-8_amd64.deb
16b19e04cf8306b0bb4be97d294ca50b3a8385bb 16924
stardict-plugin-spell_3.0.7+git20220909+dfsg-8_amd64.deb
d6e90e2e099107eea29a55b8cd09e4e3f25a3704 110872
stardict-plugin_3.0.7+git20220909+dfsg-8_amd64.deb
b242ac49b27f0abe4a2e5cfec7707f5ed95128c9 7112928
stardict-tools-dbgsym_3.0.7+git20220909+dfsg-8_amd64.deb
39ebb3851bbbf21f8cad20140cb77f10e3ef930a 381472
stardict-tools_3.0.7+git20220909+dfsg-8_amd64.deb
926fff1d4a77ed208d721a5200e4676cb56fc5b4 47356
stardict_3.0.7+git20220909+dfsg-8_all.deb
1b8500eb6b97c5b094c2b5e4a02e18edf25a7f88 26300
stardict_3.0.7+git20220909+dfsg-8_amd64.buildinfo
Checksums-Sha256:
cbabe6cedbfbecc048b75b76b1b1f8916b0441e08400cf0ebfb2d6a0c24ca789 3188
stardict_3.0.7+git20220909+dfsg-8.dsc
cfc1b0b20d79d16600c7b0e90832f8a66609fdb55c7c0d63248c9be26f469129 23460
stardict_3.0.7+git20220909+dfsg-8.debian.tar.xz
45cd77ae05b7263cb6aa89fe2a12d48896b11ffcbb0f5a2e3acf9a52da7a3d99 1147288
stardict-common_3.0.7+git20220909+dfsg-8_all.deb
ec71dc836b7dbdb8f629dac17fe2028ea28c565ee3261269fb5fe236562a3d57 5736540
stardict-gtk-dbgsym_3.0.7+git20220909+dfsg-8_amd64.deb
6e37bc78915e6d37e68da59c49412607aa445249f23adb6c17a3ba4545870c97 421064
stardict-gtk_3.0.7+git20220909+dfsg-8_amd64.deb
0a86da8087c4f47ad4c46b82d63bbc2794a4a225662c4e9ff2cbdbc680bcb3cd 27792
stardict-plugin-cal-dbgsym_3.0.7+git20220909+dfsg-8_amd64.deb
039f07d9df4cb9d34af3d173eb472dda2e2ec06bb3b57e5b50171667ead331e2 11224
stardict-plugin-cal_3.0.7+git20220909+dfsg-8_amd64.deb
7d41bc16b6ee20c69aa830b29ca68f15b21f5d494d826a7f89ddbaab42748f3b 1365952
stardict-plugin-dbgsym_3.0.7+git20220909+dfsg-8_amd64.deb
a448ecd60062797b8809b450aab7b204b48b215d99caee4dd09e434b64f541b3 35928
stardict-plugin-espeak-dbgsym_3.0.7+git20220909+dfsg-8_amd64.deb
d3976530a976f5db5d35bd6655112d814cc044a0866208a8174234545fea74fb 12500
stardict-plugin-espeak_3.0.7+git20220909+dfsg-8_amd64.deb
c723ea028c7d4d1d086a81da75bbe3b3e81ee9200298a8fe379fb8d9f2bd098b 83008
stardict-plugin-festival-dbgsym_3.0.7+git20220909+dfsg-8_amd64.deb
6e9928836af0ea385139137b7e33397bfdc515d815fb6fb8784076969b2b2ed8 443288
stardict-plugin-festival_3.0.7+git20220909+dfsg-8_amd64.deb
dbe942f0d3d603483e1ff8515fb880226a3e9ea86f7dcd34a33e374438b4c975 27776
stardict-plugin-fortune-dbgsym_3.0.7+git20220909+dfsg-8_amd64.deb
1ac5bd5ee97f5bea6f2b9d8006c66deb1f2c7c1a8ca4d013625c215ab7f771f0 11252
stardict-plugin-fortune_3.0.7+git20220909+dfsg-8_amd64.deb
47393c5dd0d74aac3649dd38440300331d2fb05a00b2209b7c11ead900aea588 36680
stardict-plugin-info-dbgsym_3.0.7+git20220909+dfsg-8_amd64.deb
9cd71ae103a1c562c2cad65d5bb5d19bfd827598ee2f2227e43cc6a5cf3499c9 12336
stardict-plugin-info_3.0.7+git20220909+dfsg-8_amd64.deb
186da3cfd460f15f3209b41bbb7b9fccacc51f2bdea4bc2c190fa9c1d994c925 90180
stardict-plugin-network-dictionary-dbgsym_3.0.7+git20220909+dfsg-8_amd64.deb
8ab7646b302119176fb42711ce79bd5290c834845962045a6d45d89d54cf8066 14096
stardict-plugin-network-dictionary_3.0.7+git20220909+dfsg-8_amd64.deb
16cce82c6a67cc73e113547d022614fd7295d01b0367d63c02e6f87bf5a7be76 99300
stardict-plugin-spell-dbgsym_3.0.7+git20220909+dfsg-8_amd64.deb
68ed77ed1019772d949d8768f2d978ba492a2b218d1f1490829d01af365ff3ac 16924
stardict-plugin-spell_3.0.7+git20220909+dfsg-8_amd64.deb
41b2dd9175499c7ed27afca298c2834ae837e94791af8b2246c2ade80a0f3e85 110872
stardict-plugin_3.0.7+git20220909+dfsg-8_amd64.deb
d54fa709389cb1250602184a9d602838fb5c2278f6ee05de8fce7d93dfb93b80 7112928
stardict-tools-dbgsym_3.0.7+git20220909+dfsg-8_amd64.deb
9fbc35294eb29da28fd69d60d2cde1fc1eaa6fd69b201759302127aa3f69a8d9 381472
stardict-tools_3.0.7+git20220909+dfsg-8_amd64.deb
a92052ae6e989c313c739bf111156da758b117aeae187e9d8ebab9797021b424 47356
stardict_3.0.7+git20220909+dfsg-8_all.deb
0839dcdb1655f87aad85246de04d3de753f6c24ac09cf4f50f2416b2e973f296 26300
stardict_3.0.7+git20220909+dfsg-8_amd64.buildinfo
Files:
9bdeeafc1d9bac8b744ca0b4e5c340e9 3188 utils optional
stardict_3.0.7+git20220909+dfsg-8.dsc
79be7d08140ac2d44c5afa245e0bbbb0 23460 utils optional
stardict_3.0.7+git20220909+dfsg-8.debian.tar.xz
e3a0b0e19d2eba3a99ab8da361b1f3a0 1147288 utils optional
stardict-common_3.0.7+git20220909+dfsg-8_all.deb
8c37217de76c0f6ab3091b59d0326dc7 5736540 debug optional
stardict-gtk-dbgsym_3.0.7+git20220909+dfsg-8_amd64.deb
2fb2006203e3f074abd75d24e68d3875 421064 utils optional
stardict-gtk_3.0.7+git20220909+dfsg-8_amd64.deb
1cacc8493ff09ac8a414024a51be3b64 27792 debug optional
stardict-plugin-cal-dbgsym_3.0.7+git20220909+dfsg-8_amd64.deb
76c08b5bca4630b9204914e30ae198f9 11224 utils optional
stardict-plugin-cal_3.0.7+git20220909+dfsg-8_amd64.deb
1232084039f706167138571351cd1083 1365952 debug optional
stardict-plugin-dbgsym_3.0.7+git20220909+dfsg-8_amd64.deb
b8f4c02169a829c57ed12fd1eebe25c0 35928 debug optional
stardict-plugin-espeak-dbgsym_3.0.7+git20220909+dfsg-8_amd64.deb
e292e25e7c30c61af058cfb13d2865b2 12500 utils optional
stardict-plugin-espeak_3.0.7+git20220909+dfsg-8_amd64.deb
fed5624966fc34da090dff37c0609167 83008 debug optional
stardict-plugin-festival-dbgsym_3.0.7+git20220909+dfsg-8_amd64.deb
66f202a46aa2f1740b9483cb873d8fae 443288 utils optional
stardict-plugin-festival_3.0.7+git20220909+dfsg-8_amd64.deb
21cd7aeb2457dc0c37e89f3fce53e21e 27776 debug optional
stardict-plugin-fortune-dbgsym_3.0.7+git20220909+dfsg-8_amd64.deb
6ea3ef3d526ce9e536aa51033a287940 11252 utils optional
stardict-plugin-fortune_3.0.7+git20220909+dfsg-8_amd64.deb
58662b0777f3f44cb6e77398180af12e 36680 debug optional
stardict-plugin-info-dbgsym_3.0.7+git20220909+dfsg-8_amd64.deb
addafbe50a6c0ff8a23c162024f0e07f 12336 utils optional
stardict-plugin-info_3.0.7+git20220909+dfsg-8_amd64.deb
37533410de73e152c44f81da4790e478 90180 debug optional
stardict-plugin-network-dictionary-dbgsym_3.0.7+git20220909+dfsg-8_amd64.deb
307d6efb35eb23282b82a9eec21d44ae 14096 utils optional
stardict-plugin-network-dictionary_3.0.7+git20220909+dfsg-8_amd64.deb
07de5492ff9d1f2c6729d158e15aae13 99300 debug optional
stardict-plugin-spell-dbgsym_3.0.7+git20220909+dfsg-8_amd64.deb
57009acede87e206c966e8279bc7143f 16924 utils optional
stardict-plugin-spell_3.0.7+git20220909+dfsg-8_amd64.deb
eb7fa8b3d1699e58a6887db2a89257b1 110872 utils optional
stardict-plugin_3.0.7+git20220909+dfsg-8_amd64.deb
04062a6cfd0b41dd1cd73748ea8032b6 7112928 debug optional
stardict-tools-dbgsym_3.0.7+git20220909+dfsg-8_amd64.deb
3c045226ce4d46f416dedd2159dca0ee 381472 utils optional
stardict-tools_3.0.7+git20220909+dfsg-8_amd64.deb
a7f45a8afe8c44df7ceca6bcd19bf952 47356 utils optional
stardict_3.0.7+git20220909+dfsg-8_all.deb
5303941d68b31c6fa5285c152c002114 26300 utils optional
stardict_3.0.7+git20220909+dfsg-8_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEvGv7H5NUQYeSuhtTJ2Egg8PSprAFAmiZwqgACgkQJ2Egg8PS
prCTexAAkK9sLh63zSuNsBq75dV34NC2zYytDGgTJv7KqqbiLdRHk+G/z7NoqVq8
lym8DJQkpn8OcVCS2EWBhLTIBV3qQXQVIrswCtGY2tppKIN+GYxIniGR6azh/ouO
TO2vULNHj7Qb1Qb05xuh4WoJWboa+oidp4oZBUTcCo8oZ+OR7yNqGYVGAg0jb5zK
8Lg0w97muGCVjoxwFEgqbUgi7aq7+uU2rVIMTucd0eYIFGGFDqCY+hmsIiVsKEL0
wuEY4NAAQUh0mMt+vKSrNnyhSgupNI+lnstYU8tXHI7sPCePPSXLcE+pdmmn7XkI
1t7l0ypiE8ykclzq0ohyhkB7VBYzDyZupTkG9Lxe8OtydOlqVnvI0YEcm5bFFTWx
2pN8F8EWEeKnqm9Ei7SwbPbs8dZYd02f/wNSIDRnYkaRhQ1MGJNI/B95WoIKkTiu
HqnOghQGX2z9rbjOMIP+Bf96GcUbMsXggVQ/d/SYfrj1MJ+nfKxZ/48NmRFlZqIR
rnBKA4kxVLB88loNCScR8VEVzyzHI64wTJyBTHjAN0t57ULFAIzg/ntgEU3N90EU
vGpyDiwKCURofIwWHLtVvTMF4alBt3ncb7Zxa1Z0cG/wmP6L9kGRvdBje2Ifyye5
wxm06I53Xeq1Zg0IugsQpFmUEUtWk1DIYWSoKJAdoGus0dBN5k0=
=uXg/
-----END PGP SIGNATURE-----
pgp10jWzkK6A8.pgp
Description: PGP signature
--- End Message ---
