← Back to team overview

desktop-packages team mailing list archive

[Bug 1413643] Re: xdg-open command injection vulnerability

 

** Changed in: xdg-utils (Debian)
       Status: Unknown => Fix Released

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to xdg-utils in Ubuntu.
https://bugs.launchpad.net/bugs/1413643

Title:
  xdg-open command injection vulnerability

Status in Xdg-utils:
  Unknown
Status in xdg-utils package in Ubuntu:
  Invalid
Status in xdg-utils package in Debian:
  Fix Released

Bug description:
  John Houwer discovered a way to cause xdg-open, a tool that
  automatically opens URLs in a user's preferred application, to execute
  arbitrary commands remotely.

  https://www.debian.org/security/2015/dsa-3131

To manage notifications about this bug go to:
https://bugs.launchpad.net/xdg-utils/+bug/1413643/+subscriptions


References