This is mostly fine. Simple enough program, simple packaging, not fast moving. Does anyone know what the story is with Debian on this package?
It does use sprintf unsafely in a few places, but always when reading from a 'trusted' location like /etc/kderc. So doesn't seem like a reasonable attack vector.

There is one low-quality red flag that I want to block on though: kubuntu_gtktheme.patch introduces a compile warning that seems a genuine problem:

    xsettings-kde.c:443:11: warning: ‘password’ may be used uninitialized in this function [-Wuninitialized]

Seems like the patch just needs to add a '= NULL' to the declaration of password.

** Changed in: xsettings-kde (Ubuntu)
       Status: New => Incomplete

https://bugs.launchpad.net/bugs/930384

Title:
  [MIR] xsettings-kde
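The two points raised in the review above, as an added illustration that is not code from xsettings-kde or from kubuntu_gtktheme.patch: a pointer that is only assigned on one path gets an explicit `= NULL` so the not-found case is well defined, and the formatted write uses `snprintf` with a truncation check instead of unbounded `sprintf`. The function names, the `theme` key and the sample rc lines are hypothetical and constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample input standing in for lines read from an rc file. */
static const char *SAMPLE_RC[] = { "[General]", "theme=oxygen", NULL };

/* Hypothetical helper: return the value for `key`, or NULL if absent. */
static const char *rc_lookup(const char **lines, const char *key)
{
    /* Without '= NULL' this pointer is indeterminate when no line
     * matches, which is the situation -Wuninitialized reports. */
    const char *value = NULL;
    size_t klen = strlen(key);

    for (size_t i = 0; lines[i] != NULL; i++) {
        if (strncmp(lines[i], key, klen) == 0 && lines[i][klen] == '=')
            value = lines[i] + klen + 1;
    }
    return value;
}

/* Hypothetical helper: write "<dir>/<theme>" into out.
 * Returns 0 on success, -1 if the key is missing or the result
 * would not fit in outlen bytes. */
static int build_theme_path(const char **lines, const char *dir,
                            char *out, size_t outlen)
{
    const char *value = rc_lookup(lines, "theme");
    if (value == NULL)
        return -1;              /* handled, instead of using garbage */

    /* snprintf never writes past outlen; a return value >= outlen
     * means the output was truncated, so reject it. */
    int n = snprintf(out, outlen, "%s/%s", dir, value);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return 0;
}

int main(void)
{
    char path[64];
    if (build_theme_path(SAMPLE_RC, "/usr/share/themes", path, sizeof path) == 0)
        printf("%s\n", path);
    return 0;
}
```
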