UbuntuUpdates.org

Package "tracker-miner-fs"

Name: tracker-miner-fs

Description:

metadata database, indexer and search tool - filesystem indexer
Latest version: 3.3.3-0ubuntu0.20.04.4
Release: jammy (22.04)
Level: updates
Repository: main
Head package: tracker-miners
Homepage: https://wiki.gnome.org/Projects/Tracker

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "tracker-miner-fs"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "tracker-miner-fs" in Jammy

Repository Area Version
base main 3.3.0-1
security main 3.3.3-0ubuntu0.20.04.4

Changelog

Version: 3.3.3-0ubuntu0.20.04.4 2026-02-06 01:07:47 UTC

  tracker-miners (3.3.3-0ubuntu0.20.04.4) jammy-security; urgency=medium

  * SECURITY UPDATE: Heap Buffer Overflow
    - debian/patches/CVE-2026-1764.patch: check for valid offsets
      extracting MP3 performer tags in
      src/tracker-extract/tracker-extract-mp3.c.
    - CVE-2026-1764
  * SECURITY UPDATE: NULL Pointer Dereference
    - debian/patches/bug426.patch: bail out on 0-size frame for ID3v2.0
      tags in src/tracker-extract/tracker-extract-mp3.c.
    - No CVE number
  * SECURITY UPDATE: Heap Buffer Overflow
    - debian/patches/CVE-2026-1765.patch: check for buffer boundaries
      extracting MP3 TXXX tags in
      src/tracker-extract/tracker-extract-mp3.c.
    - CVE-2026-1765
  * SECURITY UPDATE: Heap Buffer Overflow
    - debian/patches/CVE-2026-1766-pre1.patch: minor code refactor in
      src/tracker-extract/tracker-extract-mp3.c.
    - debian/patches/CVE-2026-1766.patch: refactor/fix handling of COMM
      tags in src/tracker-extract/tracker-extract-mp3.c.
    - CVE-2026-1766
  * SECURITY UPDATE: Heap Buffer Overflow
    - debian/patches/CVE-2026-1767.patch: fix accounting of offsets within
      MP3 performer tags in src/tracker-extract/tracker-extract-mp3.c.
    - CVE-2026-1767

 -- Marc Deslauriers <email address hidden> Tue, 03 Feb 2026 12:27:02 -0500
Source diff to previous version
CVE-2026-1764 Heap Buffer Overflow in GNOME localsearch MP3 Extractor
CVE-2026-1765 Heap Buffer Overflow in GNOME localsearch MP3 Extractor (TXXX Tags)
CVE-2026-1766 Heap Buffer Overflow in GNOME localsearch MP3 Extractor (ID3v2.3 COMM Tags)
CVE-2026-1767 Heap Buffer Overflow in GNOME localsearch MP3 Extractor

Version: 3.3.3-0ubuntu0.20.04.3 2024-04-26 00:07:10 UTC

  tracker-miners (3.3.3-0ubuntu0.20.04.3) jammy; urgency=medium

  * Allow epoll_create1 call in seccomp whitelist (LP: #1990630)
    - d/p/seccomp-allow-epoll-create1.patch

 -- Talha Can Havadar <email address hidden> Wed, 03 Apr 2024 13:27:56 +0200
Source diff to previous version
1990630 [SRU] tracker-extract-3 crashed with signal 31 in __GI_epoll_create1()

Version: 3.3.3-0ubuntu0.20.04.2 2024-02-23 00:06:55 UTC

  tracker-miners (3.3.3-0ubuntu0.20.04.2) jammy; urgency=medium

  [ Denison Barbosa ]
  * Removes install section from tracker-extract.service to prevent it
    from being enabled by systemd. It is a helper service that should be
    managed by tracker-miner-fs.service, not systemd. (LP: #1779890)
    - d/p/lp1779890-remove-install-section-from-tracker-extract-service.patch
    - d/tracker-extract.postinst

 -- Matthew Ruffell <email address hidden> Fri, 01 Dec 2023 17:27:37 +1300
Source diff to previous version
1779890 gvfsd process does not have the KRB5CCNAME environment set

Version: 3.3.3-0ubuntu0.20.04.1 2023-11-22 16:07:05 UTC

  tracker-miners (3.3.3-0ubuntu0.20.04.1) jammy-security; urgency=medium

  * Updated to upstream 3.3.3 version to fix sandbox bypass issue
    - CVE-2023-5557

 -- Marc Deslauriers <email address hidden> Fri, 10 Nov 2023 09:53:21 +0200
CVE-2023-5557 A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if th


About   -   Send Feedback to @ubuntu_updates