Bug#773085: marked as done (xdg-utils: CVE-2014-9622: command injection vulnerability)

Tue, 20 Jan 2015 13:23:20 -0800 

Your message dated Tue, 20 Jan 2015 21:17:12 +0000
with message-id <e1ydgai-0002rq...@franck.debian.org>
and subject line Bug#773085: fixed in xdg-utils 1.1.0~rc1+git20111210-6+deb7u2
has caused the Debian Bug report #773085,
regarding xdg-utils: CVE-2014-9622: command injection vulnerability
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
773085: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773085
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
package: src:xdg-utils
severity: serious
version: 1.0.2+cvs20100307-2
control: tag -1 patch
control: forwarded -1 https://bugs.freedesktop.org/show_bug.cgi?id=66670

A command injection issue was disclosed for xdg-open:
http://seclists.org/fulldisclosure/2014/Nov/36

Patch for testing here:
https://bugs.freedesktop.org/attachment.cgi?id=109536

Best wishes,
Mike

--- End Message ---
--- Begin Message --- 
Source: xdg-utils
Source-Version: 1.1.0~rc1+git20111210-6+deb7u2

We believe that the bug you reported is fixed in the latest version of
xdg-utils, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 773...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Gilbert <mgilb...@debian.org> (supplier of updated xdg-utils package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 18 Jan 2015 23:02:46 +0000
Source: xdg-utils
Binary: xdg-utils
Architecture: source all
Version: 1.1.0~rc1+git20111210-6+deb7u2
Distribution: stable-security
Urgency: high
Maintainer: Per Olofsson <pe...@debian.org>
Changed-By: Michael Gilbert <mgilb...@debian.org>
Description: 
 xdg-utils  - desktop integration utilities from freedesktop.org
Closes: 773085
Changes: 
 xdg-utils (1.1.0~rc1+git20111210-6+deb7u2) stable-security; urgency=high
 .
   * Non-maintainer upload by the security team.
   * Fix command injection vulnerability in xdg-open (closes: #773085).
Checksums-Sha1: 
 027362d50c30e281cd5f7e9772ba591d98d60f31 2722 
xdg-utils_1.1.0~rc1+git20111210-6+deb7u2.dsc
 5ff3bdce38395b73ebc499fd206685e4eb5ebfc5 327534 
xdg-utils_1.1.0~rc1+git20111210.orig.tar.gz
 bcc8b500688e4fde726ab4b7fe633c0091fd01f0 11566 
xdg-utils_1.1.0~rc1+git20111210-6+deb7u2.debian.tar.gz
 4f95e3527409fdfa613ba6294dc1e5463197f70f 82480 
xdg-utils_1.1.0~rc1+git20111210-6+deb7u2_all.deb
Checksums-Sha256: 
 0a82f5c4c1c0de7ae6b88f7cc4733363ef7a93b67fcc161745243b41a248e1d5 2722 
xdg-utils_1.1.0~rc1+git20111210-6+deb7u2.dsc
 cb1a9898d5c6dbf23d924e3d6b12df8ea2ab883380bda1f0d4b010bd86fd2015 327534 
xdg-utils_1.1.0~rc1+git20111210.orig.tar.gz
 bbd8793ba4d7ddf42615a2e778ee0e0e75f9510cf455a2a14d67c490b7b629f9 11566 
xdg-utils_1.1.0~rc1+git20111210-6+deb7u2.debian.tar.gz
 1bcd90e7d198af7d9b79588b460a5254e4ee3b7d9bf52bcf47e04c1ed8db732b 82480 
xdg-utils_1.1.0~rc1+git20111210-6+deb7u2_all.deb
Files: 
 4421e1c14118c6d9900e11aa4940000d 2722 utils optional 
xdg-utils_1.1.0~rc1+git20111210-6+deb7u2.dsc
 1238359ea2c99246e1ba8292c4eabd32 327534 utils optional 
xdg-utils_1.1.0~rc1+git20111210.orig.tar.gz
 8fa0e0783519c073636eedfb8b502433 11566 utils optional 
xdg-utils_1.1.0~rc1+git20111210-6+deb7u2.debian.tar.gz
 e015fcc8f6794eae92fd0cfa891f5098 82480 utils optional 
xdg-utils_1.1.0~rc1+git20111210-6+deb7u2_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQQcBAEBCgAGBQJUvD3NAAoJELjWss0C1vRzREwf/jFQ01WcHTHMW0LJA+E8pIur
WkSCQaX4DX06JRoD8dhedm6abcxU6RGYZcK+YOwbyqlRW/e5ESMNN3r4r9W/LwWu
lG8+FYY6drtycYSCGpR/vikj6X2sZFOBG0rfWaceKWNMyWXnOO4pMR6RY6ZXpsOk
nR7OMmJhKFlBtxUJRAazksnJ4oqu1QnTdz14BqOYK/4md4vdtQ3vfGEA9i0Ym45l
dbJuimywZAW9IG79yRqlwGJ5lUSBWlgp4KvmSwsTvEwQvVO772C/kK2SF2FrzdP7
Ud7bZvUz3nG3yTFLNadF3M6ANtI88YIECQwg6EunXZ28NuD2YXgeJX0P0U7q9hNI
LNZ3QEcRH4huuvUFmia9lCQk26a6vIl4braXdcQ9BXsqiSoUAzAKpS5DxGCz58yk
FF+25m6kuN81tKdKbORSeXiMgXHNRIDnCNdmldZunKyBb/EtCB0v2KZfQ3j9ho6v
y3W5/kBy/w13r4C8dYOQZ+jVrJZxW0Y5XfiTeYVIfL8WXhyiRkpQo0Ci9nl2Vq1B
Rqnpw0YJgb2orC/UiGztK1PrL9mfm860sYodJVPmhkJiAAuhRfAa6BzZu+pvnUbP
z0omCkV0IZyVqny/5hx0lwcQFO6h+sKaBgtCiszdrUQkMNKtw4/5B41dnHhPRLLA
f04/P25dEuz9tG851ZO7c7ZMkBamILUuvRWCUkQvPUCPzRZcXKQ6hVtWNLJ8x5gn
MA60q4JP1U1YYwxSzsEowbCRqRJR8RGHbKkd0l5/f/lZWMn5aPIv+ipWm0teKqb5
hRBhc3f54JnBv7HvTEyikqStPwfwidXImMieevVMRxO3WIOXHxw9bmZW/9iPd/Nk
YVcwuCoOZP2FsobpvUb0uj4deO7dsPuD2ha+qLzuRsN8X4vkz238egm8OUN/mkDK
OcWnvI+QlqEtEGcbH67TlrFcm7q4O9JkYMIsV1odLBiSJxyEv5cRi1w6ijmLaBDX
yiZtZjLbOwqE+fTYt3F8k4hVXWz2Os6dazy3xt/7JSJvEyyY76hyN41XMK9c6By8
ZYTc7EDVPpM8cuGkcM52E2HjUlB6/YPm+cI0qxQ9cVA6ZHEpvPvcwnQ1V0G3Cyd9
q1SUT1Y6DtYx/XtSnWIX77ReZyDyZWhSgoL2qkabdULte2kcppy7tF47KGeS4xh0
DLLiayi8wz/xKaG7oXOmOcdS+AtsVleBeMMiXefwP7iQ+KfcDnUm0OrVZlhwSqE4
Gv1UvVCdWc/hJqz6WnAGbp6NSQAY7Dre6rF/6OkCMR5QAVp0XgWPf/cnpG66NACa
I6qGTiuTWLlUxLIdaSCzK33G4jVsAC9Nghw7wxHUBsAoNnzbzH8HpIRZwo8gigE=
=G9ks
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to