Package: xfce4-notifyd
Version: 0.3.4-1
Severity: important
Tags: security

xfce4-notifyd has bugs (known upstream) in its handling of markup, more
specifically of unintentional markup <like this> &this. This bug report
is about the way it logs occurrences of such (non-)markup.

Here is a (redacted) example of an entry I've seen in my logs due to user
activity. I don't want, and my users almost certainly don't want me, to see
this much detail: it's privacy-invasive. I'll filter out these messages
but feel that they shouldn't be sent to syslog in the first place. Not in so
much detail, and not for every notification that happens to contain an
ampersand or a < bracket.

Feb  8 HH:MM:SS HOST xfce4-notifyd[PID]: Failed to set text 'NAME: Dear all, 
the C&G working group is organising a brainstorming session on the topic of 
TOPIC. Here you can find a preliminary compilation of papers that might be 
interesting to discuss. You are more than welcome to attend the meeting (DATE @ 
TIME), and to actively participate to the session by suggesting subtopics, 
papers, comments, etc. The document should be editable. Let me know if you 
cannot edit it. Here it is the link: FQDN/fil...' from markup due to error 
parsing markup: Error on line 1: Entity did not end with a semicolon; most 
likely you used an ampersand character without intending to start an entity - 
escape ampersand as &amp;

_______________________________________________
Pkg-xfce-devel mailing list
Pkg-xfce-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-xfce-devel
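
An added example, not part of the original report and not xfce4-notifyd's own code: one way a notification daemon could handle text that fails markup parsing, by escaping it for display and logging only its length instead of the content. The function names and the log wording are hypothetical, and the sample body is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Escape the characters that break markup parsing (&, <, >).
 * Returns 0 on success, -1 if dst is too small (dst is then emptied). */
int escape_markup(const char *src, char *dst, size_t dstlen)
{
    size_t used = 0;
    if (dstlen == 0)
        return -1;
    for (; *src; src++) {
        char one[2] = { *src, '\0' };
        const char *rep = one;
        if (*src == '&')      rep = "&amp;";
        else if (*src == '<') rep = "&lt;";
        else if (*src == '>') rep = "&gt;";
        size_t n = strlen(rep);
        if (used + n + 1 > dstlen) {   /* keep room for the terminator */
            dst[0] = '\0';
            return -1;
        }
        memcpy(dst + used, rep, n);
        used += n;
    }
    dst[used] = '\0';
    return 0;
}

/* Build the log line for a markup failure. The notification text itself
 * is never copied into the line; only its size is recorded. */
int format_markup_failure(char *out, size_t outlen, const char *body)
{
    return snprintf(out, outlen,
        "Failed to set text from markup (%zu bytes, content not logged)",
        strlen(body));
}

int main(void)
{
    const char *body = "NAME: the C&G working group <draft>"; /* constructed */
    char shown[256], line[128];

    if (escape_markup(body, shown, sizeof shown) == 0)
        printf("display as: %s\n", shown);   /* fallback: escaped plain text */
    format_markup_failure(line, sizeof line, body);
    fprintf(stderr, "%s\n", line);           /* a daemon would hand this to its logger */
    return 0;
}
```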
