Kinetic has now reached end-of-life. There is nothing else to sponsor in
this bug for now.
I am unsubscribing ubuntu-security-sponsors. If a new debdiff is
attached for sponsoring, please re-subscribe the team. Thanks!
** Changed in: nemo (Ubuntu Kinetic)
Status: In Progress => Won't Fix
As I don't see anything actionable right now, and there's been no
movement since my last ping, I'll remove the ubuntu-sponsors
subscription. Please re-add that in case any additional sponsoring is
needed.
--
You received this bug notification because you are a member of Desktop
Packages, which
Is there anything that still needs to be done here? Are we waiting for
backports to earlier series?
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to nautilus in Ubuntu.
https://bugs.launchpad.net/bugs/1998060
Title:
CVE-2022-37290:
Oh, that would be great, I could release them all at once. Thanks!
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to nautilus in Ubuntu.
https://bugs.launchpad.net/bugs/1998060
Title:
CVE-2022-37290: Pasted zip archive/invalid file
Yep! (Hostname says "2210Test". I meant to say Kinetic but it doesn't
happen on Lunar. Want me to try backporting to other releases?
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to nautilus in Ubuntu.
The update is for kinetic, did you test it on kinetic?
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to nautilus in Ubuntu.
https://bugs.launchpad.net/bugs/1998060
Title:
CVE-2022-37290: Pasted zip archive/invalid file causes NPD
No reproduction on Lunar for Nemo. Syslog does not show any errors
** Attachment added: "Screenshot from 2023-02-11 18-09-13.png"
https://bugs.launchpad.net/ubuntu/+source/nemo/+bug/1998060/+attachment/5646439/+files/Screenshot%20from%202023-02-11%2018-09-13.png
--
You received this bug
ACK on the debdiff in comment #8. I have slightly adjusted it to add the
bug number to the changelog and to fix the urls in the patch. I have
uploaded it to the security team PPA here:
https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa
Please test it to make sure it works
The attachment "nemo_5.4.3-2ubuntu0.1.debdiff" seems to be a debdiff.
The ubuntu-sponsors team has been subscribed to the bug report so that
they can review and hopefully sponsor the debdiff. If the attachment
isn't a patch, please remove the "patch" flag from the attachment,
remove the "patch"
Applied the patches, not getting any nasty messages in /var/log/syslog
** Patch added: "nemo_5.4.3-2ubuntu0.1.debdiff"
https://bugs.launchpad.net/ubuntu/+source/nautilus/+bug/1998060/+attachment/5639800/+files/nemo_5.4.3-2ubuntu0.1.debdiff
** Changed in: nemo (Ubuntu Kinetic)
Status:
Fix released for nautilus 1:43.0-1ubuntu2.1
nautilus (1:43.0-1ubuntu2.1) kinetic-security; urgency=medium
* SECURITY UPDATE: crash via invalid zip file
- debian/patches/CVE-2022-37290.patch: fix crash when copying an
invalid file in src/nautilus-dbus-manager.c,
Fix in version 5.6.1, sitting in proposed
** Changed in: nemo (Ubuntu Lunar)
Status: New => Fix Committed
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to nautilus in Ubuntu.
https://bugs.launchpad.net/bugs/1998060
Title:
taking responsibility for SRU
** Changed in: nemo (Ubuntu Kinetic)
Assignee: (unassigned) => Joshua Peisach (itzswirlz)
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to nautilus in Ubuntu.
https://bugs.launchpad.net/bugs/1998060
taking responsibility for SRU
** Changed in: nemo (Ubuntu Focal)
Assignee: (unassigned) => Joshua Peisach (itzswirlz)
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to nautilus in Ubuntu.
https://bugs.launchpad.net/bugs/1998060
taking responsibility for SRU
** Changed in: nemo (Ubuntu Jammy)
Assignee: (unassigned) => Joshua Peisach (itzswirlz)
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to nautilus in Ubuntu.
https://bugs.launchpad.net/bugs/1998060
Part of Debian Cinnamon Team - assign latest release with fix to me
** Changed in: nemo (Ubuntu Lunar)
Assignee: (unassigned) => Joshua Peisach (itzswirlz)
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to nautilus in Ubuntu.
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to nautilus in Ubuntu.
https://bugs.launchpad.net/bugs/1998060
Title:
CVE-2022-37290: Pasted zip archive/invalid file
17 matches
Mail list logo
