Source: thunar Version: 4.16.4-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Control: found -1 4.16.3-1
Hi, The following vulnerability was published for thunar. CVE-2021-32563[0]: | An issue was discovered in Thunar before 4.16.7 and 4.17.x before | 4.17.2. When called with a regular file as a command-line argument, it | delegates to a different program (based on the file type) without user | confirmation. This could be used to achieve code execution. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2021-32563 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32563 [1] https://marc.info/?l=oss-security&m=162058938307965&w=2 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
