UbuntuUpdates.org

Package "xdg-utils"

Name: xdg-utils

Description:

desktop integration utilities from freedesktop.org

Latest version: 1.1.2-1ubuntu2.5
Release: bionic (18.04)
Level: security
Repository: main
Homepage: https://www.freedesktop.org/wiki/Software/xdg-utils/

Links


Download "xdg-utils"


Other versions of "xdg-utils" in Bionic

Repository Area Version
base main 1.1.2-1ubuntu2
updates main 1.1.2-1ubuntu2.5

Changelog

Version: 1.1.2-1ubuntu2.5 2021-01-12 14:07:04 UTC

  xdg-utils (1.1.2-1ubuntu2.5) bionic-security; urgency=medium

  * SECURITY REGRESSION: simple-scan email functionality break
    - debian/patches/CVE-2020-27748.patch: was reverted/delete in
      scripts/xdg-email.in.

 -- Leonidas Da Silva Barbosa <email address hidden> Mon, 11 Jan 2021 10:41:09 -0300

Source diff to previous version
CVE-2020-27748 local file inclusion vulnerability

Version: 1.1.2-1ubuntu2.4 2020-11-28 16:06:19 UTC

  xdg-utils (1.1.2-1ubuntu2.4) bionic-security; urgency=medium

  * SECURITY UPDATE: local file inclusion vulnerability
    - debian/patches/CVE-2020-27748.patch: remove attachment handling from
      mailto in scripts/xdg-email.in.
    - CVE-2020-27748

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 24 Nov 2020 14:19:07 -0300

Source diff to previous version
CVE-2020-27748 local file inclusion vulnerability

Version: 1.1.2-1ubuntu2.2 2018-05-21 19:06:57 UTC

  xdg-utils (1.1.2-1ubuntu2.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Argument-injection attack
    - debian/patches/CVE-2017-18266.patch: fix in xdg-open.in.
    - debian/patches/CVE-2017-18266-final.patch: fix autotest and
      refactoring the vulnerability fix.
    - CVE-2017-18266

 -- <email address hidden> (Leonidas S. Barbosa) Fri, 18 May 2018 11:29:03 -0300

CVE-2017-18266 The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER enviro



About   -   Send Feedback to @ubuntu_updates