Bug#1013129: exo: CVE-2022-32278
Source: exo
X-Debbugs-CC: team@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for exo.
CVE-2022-32278[0]:
| XFCE 4.16 allows attackers to execute arbitrary code because xdg-open
| can execute a .desktop file on an attacker-controlled FTP server.
https://gitlab.xfce.org/xfce/exo/-/commit/c71c04ff5882b2866a0d8506fb460d4ef796de9f
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-32278
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32278
Please adjust the affected versions in the BTS as needed.