Bug#773085: marked as done (xdg-utils: command injection vulnerability)

Fri, 02 Jan 2015 11:22:03 -0800 

Your message dated Fri, 02 Jan 2015 19:18:34 +0000
with message-id <e1y77k2-0006xt...@franck.debian.org>
and subject line Bug#773085: fixed in xdg-utils 1.1.0~rc1+git20111210-7.2
has caused the Debian Bug report #773085,
regarding xdg-utils: command injection vulnerability
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
773085: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773085
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
package: src:xdg-utils
severity: serious
version: 1.0.2+cvs20100307-2
control: tag -1 patch
control: forwarded -1 https://bugs.freedesktop.org/show_bug.cgi?id=66670

A command injection issue was disclosed for xdg-open:
http://seclists.org/fulldisclosure/2014/Nov/36

Patch for testing here:
https://bugs.freedesktop.org/attachment.cgi?id=109536

Best wishes,
Mike

--- End Message ---
--- Begin Message --- 
Source: xdg-utils
Source-Version: 1.1.0~rc1+git20111210-7.2

We believe that the bug you reported is fixed in the latest version of
xdg-utils, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 773...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Gilbert <mgilb...@debian.org> (supplier of updated xdg-utils package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 31 Dec 2014 22:42:44 +0000
Source: xdg-utils
Binary: xdg-utils
Architecture: source all
Version: 1.1.0~rc1+git20111210-7.2
Distribution: unstable
Urgency: medium
Maintainer: Per Olofsson <pe...@debian.org>
Changed-By: Michael Gilbert <mgilb...@debian.org>
Description:
 xdg-utils  - desktop integration utilities from freedesktop.org
Closes: 773085
Changes:
 xdg-utils (1.1.0~rc1+git20111210-7.2) unstable; urgency=medium
 .
   * Non-maintainer upload by the Security Team.
   * Fix command injection vulnerability in xdg-open (closes: #773085).
Checksums-Sha1:
 3669f68b8eb124425b668f232998e4febc0d8850 2704 
xdg-utils_1.1.0~rc1+git20111210-7.2.dsc
 a13ef5b1e4a4a0727c0ff9e0918de4fda945ca74 9732 
xdg-utils_1.1.0~rc1+git20111210-7.2.debian.tar.xz
 35ccdf8c1a31012b18cb5d11acd9dfa406357217 64642 
xdg-utils_1.1.0~rc1+git20111210-7.2_all.deb
Checksums-Sha256:
 0404d7c46bc23738b3ba37177b67f4b750855be80a63f61ecc21243d861a9bf8 2704 
xdg-utils_1.1.0~rc1+git20111210-7.2.dsc
 8134b236e6ced3f2cab1a4ea25eeef265dbb3ff11ecf5b13d569dbe4c3ad6973 9732 
xdg-utils_1.1.0~rc1+git20111210-7.2.debian.tar.xz
 f7af08365bc64835c974aeb3ea38d229edb8bf2e05e5ad9cddbc5051fcddd158 64642 
xdg-utils_1.1.0~rc1+git20111210-7.2_all.deb
Files:
 b63bd67c6db3f9fdcae23fd7079f0c1d 2704 utils optional 
xdg-utils_1.1.0~rc1+git20111210-7.2.dsc
 7411e979829c692a87f37dba66ee7975 9732 utils optional 
xdg-utils_1.1.0~rc1+git20111210-7.2.debian.tar.xz
 f8af2688978c56e4fdf9d29b5cc86ad8 64642 utils optional 
xdg-utils_1.1.0~rc1+git20111210-7.2_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQQcBAEBCgAGBQJUpuxrAAoJELjWss0C1vRzpH8f/iQbuuRMqDy4IqsBH5Qps7Eo
tpmGMjoN4WZVIBtTPW0nODo0uQpH+1y9qyPdyjrCFwjdhXAKn5EE185ZzHk1ft5c
mcb58QoHAQaCuZqgi2gv8ZwxZ/LYFPS++Eu2iQTfV+8gld0WvNx79TI+C+8ONtJ+
g4yoYfjd3bQpCcoV76WAPhfXl+sbYFqF1chsLrv+E4x24LtB35d8NrqazUTBjskg
da2gm48FFEaX3GlcYx2jvl3ccwt8XN8ZSClC14XIJfr94AeL0OJAgzHVlAH2BwzD
PEeYOvJCrLvTBiPzxGc9Yf5ccp9P8vo23AH0kJSVR6F4YBOnPKHyUD2zJP79BQA1
6Mm6n7HBFZmpp4TQe6g8wVmaHC2wHMgfml7bZSbMitm3TjW36JTO9rcu8Jw9PwOu
9yrA0JnMeIlHHNexFhD6fKxs9/thEQQZarhrL7YNKc3RUOW5uHkfSpv/npkSqK/e
4SMyBZp+B90c6dJ861hTZtACmFq6fTBohvGCHIeZsxFUJQhbPd7aFb+yUlPRSc8t
3VOzeGA8Jf4g7H//D8ha1Zw3kuTJsRswZLz37Un98kDrcK1vQrUGWPaPyiCRIZ7u
ijYnxIz1qBgR7h5TBbTlb/bx5xq3Rdzjey5kT6/L17ntSClEpgphIWizEIGliNeK
TVaeIBlJzyy4M3O6brZPrpVGk+hWGZ57UwKp9bsznfx16KwMKaeHtDtv00MIJMyV
FslU6vhKJ5ipNT3j7CQeCf5vf/0Av+MGZB6SqslO0sbWxf5hFwLeGH/ANKxFPMr8
3h2zL4+3Vs4sRBg8wPXs1Ze74g24UV22oNMaLvJLkDLwazfn/vEoXgod2M/Nv5xV
BK9MKq2u9lA4emUbYoMQSCINa/GYxz8NsyHACOA4OhsHdXyynZwg7W1fCxHXH+7U
03iwQRs/Z1GpHc+GyshF+e9/GJ4aELHFzRuR5oaU7Pp0aYlC8T8POmQM70KTJEpy
sRS5rV4erRPMiILLFlpBxF6SbN1h55fhv1Ic7hrthiJHVzmeN/kRwH7UEFeSWS3C
1ijtu1XSEFrMU7qpB1ChnIuuYgjvwJzqO53vVFFabor4LMZmOJ8gmgQ5SONLtsWV
XfcO+20CK7exqjwyTMZLSqyjxEsYXYa6CKTDnqMpjkZw8FVeKbbnh1SVfg8MkVFR
ZemPRymvZokR78JP0UA67pNPx+lkBKihNWtT+Uvvwy33WswrjW8GdPLdwZZTU0GO
HAiJxwUI9itO0KaNYcoDABGLldpIUxETnRKmRVUUUW7ZmxppufD6qLosyegUN2n9
3FPwWG9xY1ojtKsJwwMzxuAWgo1Fb63EEPZ4PhcsgnZAi5pZ/DAD0W1D/1Rcig0=
=RNmb
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to