
Bug#1023732: marked as done (xfce4-settings: CVE-2022-45062: argument injection vulnerability in xfce4-mime-helper)



Your message dated Wed, 07 Dec 2022 19:02:38 +0000
with message-id <E1p2zgk-001t9O-Qv@fasolo.debian.org>
and subject line Bug#1023732: fixed in xfce4-settings 4.16.0-1+deb11u1
has caused the Debian Bug report #1023732,
regarding xfce4-settings: CVE-2022-45062: argument injection vulnerability in xfce4-mime-helper
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1023732: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023732
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: xfce4-settings
Version: 4.16.3-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for xfce4-settings.

CVE-2022-45062[0]:
| In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there
| is an argument injection vulnerability in xfce4-mime-helper.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-45062
    https://www.cve.org/CVERecord?id=CVE-2022-45062
[1] https://gitlab.xfce.org/xfce/xfce4-settings/-/issues/390 (not public)
[2] https://gitlab.xfce.org/xfce/xfce4-settings/-/commit/55e3c5fb667e96ad1412cf249879262b369d28d7 (xfce4-settings-4.16.4)
[3] https://gitlab.xfce.org/xfce/xfce4-settings/-/commit/f34a92a84f96268ad24a7a13fd5edc9f1d526110 (xfce4-settings-4.17.1)

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: xfce4-settings
Source-Version: 4.16.0-1+deb11u1
Done: Yves-Alexis Perez <corsac@debian.org>

We believe that the bug you reported is fixed in the latest version of
xfce4-settings, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1023732@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Yves-Alexis Perez <corsac@debian.org> (supplier of updated xfce4-settings package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 03 Dec 2022 13:50:21 +0100
Source: xfce4-settings
Architecture: source
Version: 4.16.0-1+deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian Xfce Maintainers <debian-xfce@lists.debian.org>
Changed-By: Yves-Alexis Perez <corsac@debian.org>
Closes: 1023732
Changes:
 xfce4-settings (4.16.0-1+deb11u1) bullseye-security; urgency=medium
 .
   * d/gbp.conf: follow bullseye-security branch.
     Gbp-dch: ignore
   * d/patches: 0002-mime-settings-Properly-quote-command-parameters added.
     Fix argument injection in xfce4-mime-helper (CVE-2022-45062)
     (Closes: #1023732)

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
