UbuntuUpdates.org

Package "xdg-utils"

Name: xdg-utils

Description:

desktop integration utilities from freedesktop.org

Latest version: 1.1.1-1ubuntu1.16.04.5
Release: xenial (16.04)
Level: security
Repository: main
Homepage: http://www.freedesktop.org/wiki/Software/xdg-utils/

Links


Download "xdg-utils"


Other versions of "xdg-utils" in Xenial

Repository Area Version
base main 1.1.1-1ubuntu1
updates main 1.1.1-1ubuntu1.16.04.5

Changelog

Version: 1.1.1-1ubuntu1.16.04.5 2021-01-12 14:07:02 UTC

  xdg-utils (1.1.1-1ubuntu1.16.04.5) xenial-security; urgency=medium

  * SECURITY REGRESSION: simple-scan email functionality break
    - debian/patches/CVE-2020-27748.patch: was reverted/delete in
      scripts/xdg-email.in.

 -- Leonidas Da Silva Barbosa <email address hidden> Mon, 11 Jan 2021 10:34:23 -0300

Source diff to previous version
CVE-2020-27748 local file inclusion vulnerability

Version: 1.1.1-1ubuntu1.16.04.4 2020-11-26 16:06:16 UTC

  xdg-utils (1.1.1-1ubuntu1.16.04.4) xenial-security; urgency=medium

  * SECURITY UPDATE: local file inclusion vulnerability
    - debian/patches/CVE-2020-27748.patch: remove attachment handling from
      mailto in scripts/xdg-email.in.
    - CVE-2020-27748

 -- <email address hidden> (Leonidas S. Barbosa) Wed, 25 Nov 2020 10:09:54 -0300

Source diff to previous version
CVE-2020-27748 local file inclusion vulnerability

Version: 1.1.1-1ubuntu1.16.04.3 2018-05-21 19:06:54 UTC

  xdg-utils (1.1.1-1ubuntu1.16.04.3) xenial-security; urgency=medium

  * SECURITY UPDATE: Argument-injection attack
    - debian/patches/CVE-2017-18266.patch: fix in xdg-open.in.
    - debian/patches/CVE-2017-18266-final.patch: fix autotest and
      refactoring the vulnerability fix.
    - CVE-2017-18266

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 21 May 2018 10:45:17 -0300

CVE-2017-18266 The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER enviro



About   -   Send Feedback to @ubuntu_updates