Source: exo X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security
Hi, The following vulnerability was published for exo. CVE-2022-32278[0]: | XFCE 4.16 allows attackers to execute arbitrary code because xdg-open | can execute a .desktop file on an attacker-controlled FTP server. https://gitlab.xfce.org/xfce/exo/-/commit/c71c04ff5882b2866a0d8506fb460d4ef796de9f If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2022-32278 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32278 Please adjust the affected versions in the BTS as needed.
