On Fri, 2022-06-17 at 17:08 +0200, Moritz Mühlenhoff wrote:
> The following vulnerability was published for exo.
>
> CVE-2022-32278[0]:
> > XFCE 4.16 allows attackers to execute arbitrary code because xdg-open
> > can execute a .desktop file on an attacker-controlled FTP server.
>
> https://gitlab.xfce.org/xfce/exo/-/commit/c71c04ff5882b2866a0d8506fb460d4ef796de9f
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2022-32278
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32278
>
> Please adjust the affected versions in the BTS as needed.

Hi Moritz,

thanks for the heads-up, I'll take care of the upload to sid and
stable-security.

Regards,
-- 
Yves-Alexis