Ubuntu is not vulnerable to this issue as it uses an older version of xds-utils.
Please see the security tracker: http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9622.html ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2014-9622 ** Changed in: xdg-utils (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to xdg-utils in Ubuntu. https://bugs.launchpad.net/bugs/1413643 Title: xdg-open command injection vulnerability Status in Xdg-utils: Unknown Status in xdg-utils package in Ubuntu: Invalid Status in xdg-utils package in Debian: Unknown Bug description: John Houwer discovered a way to cause xdg-open, a tool that automatically opens URLs in a user's preferred application, to execute arbitrary commands remotely. https://www.debian.org/security/2015/dsa-3131 To manage notifications about this bug go to: https://bugs.launchpad.net/xdg-utils/+bug/1413643/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
