-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 03 Dec 2023 19:11:30 +0000 Source: budgie-extras Built-For-Profiles: noudeb Architecture: source Version: 1.7.1-1 Distribution: unstable Urgency: medium Maintainer: David Mohammed <fossfreedom@ubuntu.com> Changed-By: David Mohammed <fossfreedom@ubuntu.com> Launchpad-Bugs-Fixed: 2044373 Changes: budgie-extras (1.7.1-1) unstable; urgency=medium . * SECURITY UPDATE: Predictable /tmp path could lead to denial-of-service/manipulation of data for clockworks applet (LP: #2044373) - d/patches/clockwork-tmpxdg.patch: change /tmp path usage to use XDG_RUNTIME_DIR/HOME user-space locations, thanks to original author d/patches/clockwork-tmpxdg-pep8.patch: resolve pep8 package test failure, thanks to original author - CVE-2023-49342 * SECURITY UPDATE: Predictable /tmp path could lead to denial-of-service/manipulation of data for dropby applet (LP: #2044373) - d/patches/dropby-tmpxdg.patch: change /tmp path usage to use XDG_RUNTIME_DIR/HOME user-space locations d/patches/dropby-tmpxdg-pep8.patch: resolve pep8 package test failure, thanks to original author - CVE-2023-49343 * SECURITY UPDATE: Predictable /tmp path could lead to denial-of-service/manipulation of data for shuffler app (LP: #2044373) - d/patches/shuffler-tmpxdg.patch: change /tmp path usage to use XDG_RUNTIME_DIR/HOME user-space locations, thanks to original author - CVE-2023-49344 * SECURITY UPDATE: Predictable /tmp path could lead to denial-of-service/manipulation of data for takeabreak applet (LP: #2044373) - d/patches/takeabreak-tmpxdg.patch: change /tmp path usage to use XDG_RUNTIME_DIR/HOME user-space locations, thanks to original author d/patches/takeabreak-tmpxdg-pep8.patch: resolve pep8 package test failure, thanks to original author d/patches/takeabreak-tmpxdg-pep8_part2.patch: resolve pep8 package test failure, thanks to original author - CVE-2023-49345 * SECURITY UPDATE: Predictable /tmp path could lead to denial-of-service/manipulation of data for weathershow applet (LP: #2044373) - d/patches/weathershow-tmpxdg.patch: change /tmp path usage to use XDG_RUNTIME_DIR/HOME user-space locations, thanks to original author - CVE-2023-49346 * SECURITY UPDATE: Predictable /tmp path could lead to denial-of-service/manipulation of data for window previews applet (LP: #2044373) - d/patches/wpreviews-tmpxdg.patch: change /tmp path usage to use XDG_RUNTIME_DIR/HOME user-space locations, thanks to original author - CVE-2023-49347 * Drop existing patch since the new release incorporates this Checksums-Sha1: a5fb281a83ed250014f696a31f3245a59384410d 4800 budgie-extras_1.7.1-1.dsc 67cb464d4b88f35b17fdd0c4efe7c2813fc769eb 10048040 budgie-extras_1.7.1.orig.tar.xz 660eb6478eff8e81531627410c983c618a0d2ff4 833 budgie-extras_1.7.1.orig.tar.xz.asc 88b4d1be352d3a5b0767dc9208ab6e701318a104 19520 budgie-extras_1.7.1-1.debian.tar.xz e7fc7d06adac3844669ff48468bb3177a746b20a 23134 budgie-extras_1.7.1-1_source.buildinfo Checksums-Sha256: c7c8044aefc620ac1049aa2f81883f83c6e766c31b8ad65686e0a83ecaf6a03e 4800 budgie-extras_1.7.1-1.dsc 1d3a326b3e8066206fe57322f4c6d4d71f5a8c7c798b76399a6a8d2690139c78 10048040 budgie-extras_1.7.1.orig.tar.xz b025e68504b3de0a53fc982dd3c9b5d2078f78e50b08b7d50e7ce24788fa70a2 833 budgie-extras_1.7.1.orig.tar.xz.asc efe94fdcc402197ddfd8f9cbae254484eb3ecac105a78b3aa476ecdba7c88136 19520 budgie-extras_1.7.1-1.debian.tar.xz 4d83e7c10376aaa5768ad9f12d4587bed4dddfa97417342495951f72df649fc7 23134 budgie-extras_1.7.1-1_source.buildinfo Files: cfb8345bae2203d7c3218caec4870fa6 4800 misc optional budgie-extras_1.7.1-1.dsc 99028c4f647a7d969286854e6cda6a6a 10048040 misc optional budgie-extras_1.7.1.orig.tar.xz 4cd2f69ef54c9b56a4745002e9b17d3a 833 misc optional budgie-extras_1.7.1.orig.tar.xz.asc 3706307e4693e82f85d276de46f8f449 19520 misc optional budgie-extras_1.7.1-1.debian.tar.xz e2ffc0c8ab1df3ebcbe10ba820be7c7a 23134 misc optional budgie-extras_1.7.1-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEHh+wAXyZiorixJimwuqoomrcWe4FAmV6rNIACgkQwuqoomrc We7bPg/9EocM0d73cUHIRE9zE/oEYYgjlncqHHyGJLbCGukJtyiOaaMJ/+aogjwt Gbij8HB9Mm3nVfd2pmLlFUCN9HjmLvuRZEH0tz8gEW/x0/Qvs+kWqrZXgQofifvu pGhbgl8JSRVZL/s6KLm+z0z/1GUW4SRRZGlrd6b5XFIn/OJnBZo8FsdXSt9XvgSh h2fY2YnYOJ+65PJdk66K1Kl/iZ34v2CK8awOH4Oe1Wr5FPhhizEMrAWEStZFeCe9 PWdNMR+8N+8qKS2S9v0+M+TqvVs/H8ltlLknCZCkPdGHBheK/v7WU2KZqTsrCPsL a4+LGfR7PE3BFf+SYz2OynUMuzawQlwHOTMDjHvJcrsG2rJ1bOTFJVmgsDyZynfY ZP2/CMpD8vTvzqJ4Pl7dR3rLGscqICk58LWOcIhruz8BTwbABnYAkRbzg+SdlyCd YcWrrEyJOHORlSgqJTgMQ0uf/6JNKjWrXmfbMK68dDBrVb7ofZU5XiN1kcdZ+D26 Jzm5OkSRcp7jPHDHbk/OxzFhT3beR5e5rtFpZX6wFrHYmXp8k5M1SazBlcz5M8TD 0wxNvO5ml7x/UeZ/axj0v1RPyINC1XacDtwnj1PaFE1WTcJXx+iaNBWMXqvsvNNb U9zjg/9ZUPp8Zs56B2YCsBI29BnEpKwEzUX6Rtmj8cnZdImkyNI= =+Y2P -----END PGP SIGNATURE-----
