UbuntuUpdates.org

Package "xdg-utils"

Name: xdg-utils

Description:

desktop integration utilities from freedesktop.org
Latest version: 1.1.2-1ubuntu2.5
Release: bionic (18.04)
Level: updates
Repository: main
Homepage: https://www.freedesktop.org/wiki/Software/xdg-utils/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "xdg-utils"

All arch deb package
APT INSTALL

Other versions of "xdg-utils" in Bionic

Repository Area Version
base main 1.1.2-1ubuntu2
security main 1.1.2-1ubuntu2.5

Changelog

Version: 1.1.2-1ubuntu2.5 2021-01-12 15:07:16 UTC

  xdg-utils (1.1.2-1ubuntu2.5) bionic-security; urgency=medium

  * SECURITY REGRESSION: simple-scan email functionality break
    - debian/patches/CVE-2020-27748.patch: was reverted/delete in
      scripts/xdg-email.in.

 -- Leonidas Da Silva Barbosa <email address hidden> Mon, 11 Jan 2021 10:41:09 -0300
Source diff to previous version
CVE-2020-27748 local file inclusion vulnerability

Version: 1.1.2-1ubuntu2.4 2020-11-26 20:07:15 UTC

  xdg-utils (1.1.2-1ubuntu2.4) bionic-security; urgency=medium

  * SECURITY UPDATE: local file inclusion vulnerability
    - debian/patches/CVE-2020-27748.patch: remove attachment handling from
      mailto in scripts/xdg-email.in.
    - CVE-2020-27748

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 24 Nov 2020 14:19:07 -0300
Source diff to previous version
CVE-2020-27748 local file inclusion vulnerability

Version: 1.1.2-1ubuntu2.3 2018-11-07 15:06:49 UTC

  xdg-utils (1.1.2-1ubuntu2.3) bionic; urgency=medium

  * Use perl's decode() to ensure we don't pass invalid UTF-8 to D-Bus, as
    doing so triggers an assertion from libdbus which makes us crash. LP:
    #1743216 (Debian #910070, Upstream #108121)

 -- Iain Lane <email address hidden> Tue, 02 Oct 2018 11:15:48 +0100
Source diff to previous version

Version: 1.1.2-1ubuntu2.2 2018-05-21 19:06:57 UTC

  xdg-utils (1.1.2-1ubuntu2.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Argument-injection attack
    - debian/patches/CVE-2017-18266.patch: fix in xdg-open.in.
    - debian/patches/CVE-2017-18266-final.patch: fix autotest and
      refactoring the vulnerability fix.
    - CVE-2017-18266

 -- <email address hidden> (Leonidas S. Barbosa) Fri, 18 May 2018 11:29:03 -0300
CVE-2017-18266 The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER enviro


About   -   Send Feedback to @ubuntu_updates