Public bug reported:
John Houwer discovered a way to cause xdg-open, a tool that
automatically opens URLs in a user's preferred application, to execute
arbitrary commands remotely.
** Affects: xdg-utils
Importance: Unknown
Status: Unknown
** Affects: xdg-utils (Ubuntu)
Importance: Undecided
Status: New
** Affects: xdg-utils (Debian)
Importance: Unknown
Status: Unknown
** Bug watch added: Debian Bug tracker #773085
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773085
** Also affects: xdg-utils (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773085
Importance: Unknown
Status: Unknown
** Bug watch added: freedesktop.org Bugzilla #66670
https://bugs.freedesktop.org/show_bug.cgi?id=66670
** Also affects: xdg-utils via
https://bugs.freedesktop.org/show_bug.cgi?id=66670
Importance: Unknown
Status: Unknown
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to xdg-utils in Ubuntu.
https://bugs.launchpad.net/bugs/1413643
Title:
xdg-open command injection vulnerability
Status in Xdg-utils:
Unknown
Status in xdg-utils package in Ubuntu:
New
Status in xdg-utils package in Debian:
Unknown
Bug description:
John Houwer discovered a way to cause xdg-open, a tool that
automatically opens URLs in a user's preferred application, to execute
arbitrary commands remotely.
To manage notifications about this bug go to:
https://bugs.launchpad.net/xdg-utils/+bug/1413643/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
