Control: tag -1 + security Donncha O'Cearbhaill: > Thank you Phil for providing a backport patch. What is the next step > needed to get this fix released as a backport? The .desktop security > issue is widely know and can be exploited in the wild [1]. IMO this > fixed should be made available as soon as possible.
IMO the next step is to find out the answer to "Is there any plan upstream to backport this fix to their 3.22.x branch, and/or to request a CVE?": if this problem is as severe as it sounds, then it should be tracked as a security issue and fixed cross-distro, rather than patched in only the distros that are lucky enough to have users who care about such things.