Volunteers needed to do security analysis on Deepin packages

salimma · May 13, 2025, 6:50pm

Dear all,

@adamwill recently brought up an issue with FESCo: Issue #3409: Deepin security review request - fesco - Pagure.io

TL;DR Deepin has recently been removed from openSUSE because of ongoing security issues

There are no CVEs as far as we are aware of, so it’s not quite straightforward to assess the severity of these issues at first glance; someone will have to go through all the Deepin packages, or at least those referenced in the openSUSE announcement, and assess the Fedora packages.

I’ll flag this to #security:fedoraproject.org and cross-post to the development list as well:

If anyone is willing to help, please coordinate either in comments here, in the mailing list, or in the Matrix room.

Best regards,

Michel Lind, on behalf of FESCo

py0xc3 · May 14, 2025, 4:06pm

I think this is worth to be pinned globally, also to shift some attention to the more/wider strategic points of @adamwill in the FESCo ticket → pinned globally until Monday

augenauf · May 15, 2025, 7:52am

What about

https://bugzilla.redhat.com/show_bug.cgi?id=2300152, and
dde-api-proxy: Authentication Bypass in Deepin D-Bus Proxy Service (CVE-2025-23222) | SUSE Security Team Blog (dde-api is in Fedora repo)

Topic		Replies	Views
Fedora Deepin Spin Ask Fedora desktop	6	1639	April 12, 2021
RFC: Flaws detected by static analyzers in Fedora 41 Core Critical Path Packages Project Discussion package-maintainers , security-sig	1	145	May 7, 2024
Fedora & openSuSE (and others) Local London Meetup? Project Discussion mindshare , commops-team , magazine-team , fesco , idea	1	86	August 7, 2024
FESCo Elections: Interview with Stephen Gallagher (sgallagh) Community Blog	0	20	May 20, 2025
Security Shortcomings in Fedora Ask Fedora	6	917	May 3, 2024

Volunteers needed to do security analysis on Deepin packages

Related topics