Bug#1072124: gnome-shell: CVE-2024-36472

2024-09-06 Thread Jeremy Bícha
On Sat, Aug 17, 2024 at 8:45 AM Salvatore Bonaccorso wrote: > That said, as mentioned in the notes of the CVE, no DSA is planned but > a fix could be done via an upcoming point release. We ran out of time with other priorities to copy Ubuntu's gnome-shell hardening into Debian 12.7. There is prob

Bug#1072124: gnome-shell: CVE-2024-36472

2024-08-17 Thread Salvatore Bonaccorso
Hi, On Sat, Aug 17, 2024 at 12:18:46PM +0100, John Steeves wrote: > Hello, > I noticed that Ubuntu recently updated their supported versions of > gnome-shell to patch this vulnerability. However, it hasn't been patched in > the gnome-shell packages in the Debain repos as of yet. > > Is there a ro

Bug#1072124: gnome-shell: CVE-2024-36472

2024-08-17 Thread John Steeves
Hello, I noticed that Ubuntu recently updated their supported versions of gnome-shell to patch this vulnerability. However, it hasn't been patched in the gnome-shell packages in the Debain repos as of yet. Is there a roadmap for when gnome-shell 43.9 will be patched for Debian stable (bookworm)?

Bug#1072124: gnome-shell: CVE-2024-36472

2024-05-29 Thread Jeremy Bícha
On Tue, May 28, 2024 at 5:37 PM Moritz Muehlenhoff wrote: > > On Tue, May 28, 2024 at 05:33:32PM -0400, Jeremy Bícha wrote: > > Control: forwarded -1 > > https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/7688 > > > > On Tue, May 28, 2024 at 5:24 PM Moritz Mühlenhoff wrote: > > > CVE-2024-36472

Bug#1072124: gnome-shell: CVE-2024-36472

2024-05-28 Thread Moritz Muehlenhoff
On Tue, May 28, 2024 at 05:33:32PM -0400, Jeremy Bícha wrote: > Control: forwarded -1 https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/7688 > > On Tue, May 28, 2024 at 5:24 PM Moritz Mühlenhoff wrote: > > CVE-2024-36472[0]: > > | In GNOME Shell through 45.7, a portal helper can be launched > >

Bug#1072124: gnome-shell: CVE-2024-36472

2024-05-28 Thread Jeremy Bícha
Control: forwarded -1 https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/7688 On Tue, May 28, 2024 at 5:24 PM Moritz Mühlenhoff wrote: > CVE-2024-36472[0]: > | In GNOME Shell through 45.7, a portal helper can be launched > | automatically (without user confirmation) based on network responses >

Bug#1072124: gnome-shell: CVE-2024-36472

2024-05-28 Thread Moritz Mühlenhoff
Source: gnome-shell X-Debbugs-CC: t...@security.debian.org Severity: normal Tags: security Hi, The following vulnerability was published for gnome-shell. CVE-2024-36472[0]: | In GNOME Shell through 45.7, a portal helper can be launched | automatically (without user confirmation) based on network