On Tue, May 28, 2024 at 05:33:32PM -0400, Jeremy Bícha wrote:
> Control: forwarded -1 https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/7688
>
> On Tue, May 28, 2024 at 5:24 PM Moritz Mühlenhoff <j...@inutil.org> wrote:
> > CVE-2024-36472[0]:
> > | In GNOME Shell through 45.7, a portal helper can be launched
> > | automatically (without user confirmation) based on network responses
> > | provided by an adversary (e.g., an adversary who controls the local
> > | Wi-Fi network), and subsequently loads untrusted JavaScript code,
> > | which may lead to resource consumption or other impacts depending on
> > | the JavaScript code's behavior.
>
> The initial GNOME issue was closed already (the CVE was requested by
> someone who is not a GNOME developer). But GNOME Shell may change the
> workflow for the captive portal helper so we can leave this bug open,
> pointing to the new issue that was opened upstream.
Yeah, the never filed a bug for the botched CVE assignment, this is the
bug reference explocitly for the followup actionable filed by Michael Catanzaro
Cheers,
Moritz
