
Bug#1023732: marked as done (xfce4-settings: CVE-2022-45062: argument injection vulnerability in xfce4-mime-helper)



Your message dated Sat, 12 Nov 2022 00:21:15 +0000
with message-id <E1oteGp-00Er7q-7u@fasolo.debian.org>
and subject line Bug#1023732: fixed in xfce4-settings 4.16.4-1
has caused the Debian Bug report #1023732,
regarding xfce4-settings: CVE-2022-45062: argument injection vulnerability in xfce4-mime-helper
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1023732: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023732
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: xfce4-settings
Version: 4.16.3-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for xfce4-settings.

CVE-2022-45062[0]:
| In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there
| is an argument injection vulnerability in xfce4-mime-helper.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-45062
    https://www.cve.org/CVERecord?id=CVE-2022-45062
[1] https://gitlab.xfce.org/xfce/xfce4-settings/-/issues/390 (not public)
[2] https://gitlab.xfce.org/xfce/xfce4-settings/-/commit/55e3c5fb667e96ad1412cf249879262b369d28d7 (xfce4-settings-4.16.4)
[3] https://gitlab.xfce.org/xfce/xfce4-settings/-/commit/f34a92a84f96268ad24a7a13fd5edc9f1d526110 (xfce4-settings-4.17.1)

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: xfce4-settings
Source-Version: 4.16.4-1
Done: Unit 193 <unit193@debian.org>

We believe that the bug you reported is fixed in the latest version of
xfce4-settings, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1023732@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Unit 193 <unit193@debian.org> (supplier of updated xfce4-settings package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA384

Format: 1.8
Date: Fri, 11 Nov 2022 18:43:28 -0500
Source: xfce4-settings
Architecture: source
Version: 4.16.4-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Xfce Maintainers <debian-xfce@lists.debian.org>
Changed-By: Unit 193 <unit193@debian.org>
Closes: 1023732
Changes:
 xfce4-settings (4.16.4-1) unstable; urgency=medium
 .
   * Team upload.
 .
   [ Debian Janitor ]
   * Remove constraints unnecessary since buster
 .
   [ Unit 193 ]
   * New upstream version 4.16.4.
     - Escape characters which do not belong into an URI/URL.
       Closes: #1023732, CVE-2022-45062.
   * d/control: Drop version constraints no longer needed.

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
