Debian Package Tracker

general

source: pyxdg (main)
version: 0.25-5
maintainer: Debian Python Modules Team (archive) [DMD]
uploaders: Andrew Starr-Bochicchio [DMD] – Piotr Lewandowski [DMD]
arch: all
std-ver: 3.9.5
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 0.25-4
old-sec: 0.25-4+deb8u1
stable: 0.25-4
testing: 0.25-5
unstable: 0.25-5

versioned links

0.25-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.25-4+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.25-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

python-xdg (1 bugs: 0, 1, 0, 0)
python3-xdg

action needed

A new upstream version is available: 0.26 high

A new upstream version 0.26 is available, you should consider packaging it.

Created: 2019-03-28 Last update: 2019-06-25 09:00

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2019-12761: A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. XDG_CONFIG_DIRS must be set up to trigger xdg.Menu.parse parsing within the directory containing this file. This is due to a lack of sanitization in xdg/Menu.py before an eval call.

Please fix it.

Created: 2019-06-06 Last update: 2019-06-22 01:07

Standards version of the package is outdated. high

The package is severely out of date with respect to the Debian Policy. The package should be updated to follow the last version of Debian Policy (Standards-Version 4.3.0 instead of 3.9.5).

Created: 2018-04-16 Last update: 2019-02-17 20:34

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 0.26-1, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 144985db9436f2bcd5dbcd6c2e9ce02fc41905b7
Merge: 35d66bd 51ad98b
Author: Simon McVittie <smcv@debian.org>
Date:   Sun Feb 17 12:14:02 2019 +0000

    Merge branch 'debian/buster'

commit 35d66bd01603ff056c7c58c8f78583c808a1e528
Author: Chris Lamb <lamby@debian.org>
Date:   Mon Dec 24 09:40:49 2018 +0000

    Remove trailing whitespaces.

commit b0ae902261c24d65286774ed3d3e4c724539b096
Author: Chris Lamb <lamby@debian.org>
Date:   Mon Sep 17 17:23:10 2018 +0100

    Remove trailing whitespaces.

commit c6af0bae60bdc8519b5ffbb450ccac633a8de632
Author: Ondřej Nový <onovy@debian.org>
Date:   Wed Aug 8 09:10:00 2018 +0200

    Convert git repository from git-dpm to gbp layout

commit 6fd01c797bd28a003fe6061e08531629b544a165
Author: Ondřej Nový <onovy@debian.org>
Date:   Mon May 14 07:50:54 2018 +0200

    d/control: Remove ancient X-Python3-Version field

commit fe96652b9083824372b09c7a38819f19eeddbd1c
Author: Ondřej Nový <onovy@debian.org>
Date:   Mon May 14 07:50:53 2018 +0200

    d/control: Remove ancient X-Python-Version field

commit 2ed510650d5271893fa3ae1ade49a95157e32857
Author: Andrew Starr-Bochicchio <asb@debian.org>
Date:   Sun Apr 29 22:34:16 2018 -0400

    Build using pybuild.

commit 1fe5feae66ff325cdbc90fbfc46b1055ea3b7499
Author: Andrew Starr-Bochicchio <asb@debian.org>
Date:   Sun Apr 29 22:21:19 2018 -0400

    New upstream release.
     - Add support for Scale and ScaledDirectories keys (Closes: #877202).
     - DesktopEntry: New method findTryExec() (Closes: #618514).
    * Drop patches applied upstream: fix-DesktopEntry-docstring.patch
      prefer-first-glob-for-finding-mimetype.patch, and
      fix-insecure-use-of-tmp.patch.

commit a107685d0b833520a34ef5b709d690728056308d
Merge: f38624e a75504e
Author: Andrew Starr-Bochicchio <asb@debian.org>
Date:   Sun Apr 29 21:59:48 2018 -0400

    Update upstream source from tag 'upstream/0.26'
    
    Update to upstream version '0.26'
    with Debian dir b8e0585aa737f2257f9745888aa0d6c097453236

commit a75504e50f7898dde3bd123343374afe481a397a
Author: Andrew Starr-Bochicchio <asb@debian.org>
Date:   Sun Apr 29 21:59:48 2018 -0400

    New upstream version 0.26

commit f38624ea7ec06c01342772dcb9cbf37db827ebff
Author: Piotr Ożarowski <piotr@debian.org>
Date:   Tue Mar 27 14:11:07 2018 +0200

    Add dh-python to Build-Depends

commit 1da9136887854c492b789ddd1f26a757f5e5d149
Author: Ondřej Nový <onovy@debian.org>
Date:   Fri Mar 16 10:25:51 2018 +0100

    d/control: Remove XS-Testsuite field, not needed anymore

commit 94a22f267726ec3bebddab51908c1aabf5ef4490
Author: Ondřej Nový <onovy@debian.org>
Date:   Mon Mar 12 23:09:49 2018 +0100

    d/changelog: Remove trailing whitespaces

commit 0d198a67224c06351e13cd99cb372966369d6285
Author: Ondřej Nový <onovy@debian.org>
Date:   Tue Feb 13 10:00:44 2018 +0100

    d/control: Set Vcs-* to salsa.debian.org

commit c467d4052191e07bfac37e76b38b7bc75cfacedb
Author: Ondřej Nový <novy@ondrej.org>
Date:   Tue Mar 29 22:29:35 2016 +0200

    Fixed VCS URL (https)

commit d920fe5b1578ae2f5e10c6f6146d8132084b8e44
Author: SVN-Git Migration <python-modules-team@lists.alioth.debian.org>
Date:   Thu Oct 8 13:34:20 2015 -0700

    Update Vcs fields for git migration

commit 8147a42319b20f5519ad09b14a2e104a880c76e3
Author: SVN-Git Migration <python-modules-team@lists.alioth.debian.org>
Date:   Thu Oct 8 13:34:20 2015 -0700

    git-dpm config

commit 3c9c9ff22f0023277777f7af9216e3e375eab614
Merge: 4366d93 2ba820c
Author: SVN-Git Migration <python-modules-team@lists.alioth.debian.org>
Date:   Thu Oct 8 13:34:19 2015 -0700

    Initialize git-dpm

commit 2ba820ca70e602813eeded019235ec7656ec1d89
Author: Thomas Kluyver <takowl@gmail.com>
Date:   Thu Jan 23 15:09:51 2014 -0800

    Improve security of get_runtime_dir(strict=False)
    
    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=73878
    Debian-Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736247
    Origin: upstream, https://github.com/takluyver/pyxdg/commit/bd999c1c3fe7ee5f30ede2cf704cf03e400347b4
    
    Fixes fd.o bug #73878.
    Patch-Name: fix-insecure-use-of-tmp.patch

commit 669747c318f2038bdf9672ea0039471fe84c7a3e
Author: Thomas Kluyver <takowl@gmail.com>
Date:   Thu Oct 8 13:34:18 2015 -0700

    Prefer first glob (in shared-mime-info database) for finding mimetype, not last
    
    Origin: upstream, commit:f87e662ed27edf88152dd6980120b2cf64890db9
    
    Patch-Name: prefer-first-glob-for-finding-mimetype.patch

commit 8ea1f236bf7ca47dfe0686c982a24f39ed4cb019
Author: Michael Vogt <michael.vogt@ubuntu.com>
Date:   Thu Oct 8 13:34:17 2015 -0700

    support Gettext-Domain fields
    
     Support X-GNOME-Gettext-Domain and X-Ubuntu-Gettext-Domain fields
     in .desktop files, for dynamic translation support.
     .
     Currently it's Ubuntu-specific, but it may be implemented in GNOME
     later, see https://bugzilla.gnome.org/569829.
    Forwarded: not-needed
    Last-Update: 2013-03-08
    
    Patch-Name: gettext-support.patch

commit ae43d8229e65a3e45b300f04f8e4a5b939288007
Author: Ryan Kavanagh <rak@debian.org>
Date:   Thu Oct 8 13:34:16 2015 -0700

    Set default menu to be parsed
    
     Upstream defaults to applications.menu, which isn't provided by Debian. We'll
     try upstream's default, falling back to debian-menu.menu if it doesn't exist.
    Origin: vendor
    Bug-Debian: http://bugs.debian.org/654978
    Forwarded: no
    Last-Update: 2012-03-09
    
    Patch-Name: set-default-menu.patch

commit 6576cb2f9f09e185f339b6d359faf0972e3fc0fd
Author: Piotr Lewandowski <piotr.lewandowski@gmail.com>
Date:   Thu Oct 8 13:34:15 2015 -0700

    Fix version number of Desktop Entry Specification in docstring
    
    Forwarded: yes
    
    Patch-Name: fix-DesktopEntry-docstring.patch

commit 206ca28ed2781e161bcf6598ea71496f11dffcb2
Author: SVN-Git Migration <python-modules-team@lists.alioth.debian.org>
Date:   Thu Oct 8 13:34:10 2015 -0700

    Imported Upstream version 0.25

commit ffee0b118baa21ee9a0e38be8dc20982c78dea97
Author: SVN-Git Migration <python-modules-team@lists.alioth.debian.org>
Date:   Thu Oct 8 13:34:10 2015 -0700

    Imported Upstream version 0.24

commit ae71d489ec44210976f312decb3a9cbfa91327ed
Author: SVN-Git Migration <python-modules-team@lists.alioth.debian.org>
Date:   Thu Oct 8 13:34:07 2015 -0700

    Imported Upstream version 0.19

commit 445a40834815adfecfa475d77d4d32d152adf5cd
Author: SVN-Git Migration <python-modules-team@lists.alioth.debian.org>
Date:   Thu Oct 8 13:34:06 2015 -0700

    Imported Upstream version 0.18

commit b718a190b30c3556ca9cffc6976880c82a9560fb
Author: SVN-Git Migration <python-modules-team@lists.alioth.debian.org>
Date:   Thu Oct 8 13:34:06 2015 -0700

    Imported Upstream version 0.17

commit 5b492e1e9f6027346daf500b65812a49a73d5097
Author: SVN-Git Migration <python-modules-team@lists.alioth.debian.org>
Date:   Thu Oct 8 13:34:04 2015 -0700

    Imported Upstream version 0.15

commit 08caae227333636af8537fe11f5ea6f04526e513
Author: SVN-Git Migration <python-modules-team@lists.alioth.debian.org>
Date:   Thu Oct 8 13:34:03 2015 -0700

    Imported Upstream version 0.14

commit be96476c2ada45f0b3af54b7df7513b527563ed1
Author: SVN-Git Migration <python-modules-team@lists.alioth.debian.org>
Date:   Thu Oct 8 13:34:02 2015 -0700

    Imported Upstream version 0.8

Created: 2018-06-01 Last update: 2019-06-24 19:01

lintian reports 1 warning normal

Lintian reports 1 warning about this package. You should make the package lintian clean getting rid of them.

Created: 2019-03-16 Last update: 2019-03-16 05:38

1 ignored security issue in stretch low

There is 1 open security issue in stretch.

1 issue skipped by the security teams:

CVE-2019-12761: A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. XDG_CONFIG_DIRS must be set up to trigger xdg.Menu.parse parsing within the directory containing this file. This is due to a lack of sanitization in xdg/Menu.py before an eval call.

Please fix it.

Created: 2019-06-06 Last update: 2019-06-22 01:07

1 ignored security issue in buster low

There is 1 open security issue in buster.

1 issue skipped by the security teams:

CVE-2019-12761: A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. XDG_CONFIG_DIRS must be set up to trigger xdg.Menu.parse parsing within the directory containing this file. This is due to a lack of sanitization in xdg/Menu.py before an eval call.

Please fix it.

Created: 2019-06-06 Last update: 2019-06-22 01:07

news

[rss feed]

[2019-06-16] Accepted pyxdg 0.25-4+deb8u1 (source all) into oldstable (Chris Lamb)
[2019-02-27] pyxdg 0.25-5 MIGRATED to testing (Debian testing watch)
[2019-02-17] Accepted pyxdg 0.25-5 (source) into unstable (Simon McVittie)
[2014-01-30] pyxdg 0.25-4 MIGRATED to testing (Debian testing watch)
[2014-01-27] Accepted pyxdg 0.25-4 (source all) (Andrew Starr-Bochicchio)
[2013-07-10] pyxdg 0.25-3 MIGRATED to testing (Debian testing watch)
[2013-06-29] Accepted pyxdg 0.25-3 (source all) (Andrew Starr-Bochicchio)
[2013-03-08] Accepted pyxdg 0.25-2 (source all) (Dmitry Shachnev) (signed by: Stefano Rivera)
[2013-01-09] Accepted pyxdg 0.25-1 (source all) (Thomas Kluyver) (signed by: Dimitri John Ledkov)
[2013-01-07] pyxdg 0.19-5 MIGRATED to testing (Debian testing watch)
[2012-12-22] Accepted pyxdg 0.19-5 (source all) (Josselin Mouette)
[2012-11-11] Accepted pyxdg 0.24-1 (source all) (Thomas Kluyver) (signed by: Dimitri John Ledkov)
[2012-03-20] pyxdg 0.19-4 MIGRATED to testing (Debian testing watch)
[2012-03-09] Accepted pyxdg 0.19-4 (source all) (Ryan Kavanagh)
[2011-05-20] pyxdg 0.19-3 MIGRATED to testing (Debian testing watch)
[2011-05-08] Accepted pyxdg 0.19-3 (source all) (Jakub Wilk)
[2010-07-04] pyxdg 0.19-2 MIGRATED to testing (Debian testing watch)
[2010-06-23] Accepted pyxdg 0.19-2 (source all) (Piotr Lewandowski) (signed by: Jakub Wilk)
[2010-02-15] pyxdg 0.19-1 MIGRATED to testing (Debian testing watch)
[2010-02-04] Accepted pyxdg 0.19-1 (source all) (Piotr Lewandowski) (signed by: Jakub Wilk)
[2010-01-06] pyxdg 0.18-1 MIGRATED to testing (Debian testing watch)
[2009-12-26] Accepted pyxdg 0.18-1 (source all) (Piotr Lewandowski)
[2009-10-05] pyxdg 0.17-0.1 MIGRATED to testing (Debian testing watch)
[2009-09-24] Accepted pyxdg 0.17-0.1 (source all) (Piotr Lewandowski)
[2006-07-13] pyxdg 0.15-1.1 MIGRATED to testing (Debian testing watch)
[2006-06-30] Accepted pyxdg 0.15-1.1 (source all) (Arnaud Fontaine)
[2005-11-09] Accepted pyxdg 0.15-1 (source all) (Sebastien Bacher)
[2005-06-17] Accepted pyxdg 0.14-2 (all source) (Sebastien Bacher)
[2005-06-16] Accepted pyxdg 0.14-1 (i386 source) (Sebastien Bacher)
[2004-10-23] Accepted pyxdg 0.8-1 (i386 source) (Sebastien Bacher)

bugs [bug history graph]

all: 3
RC: 0
I&N: 2
M&W: 0
F&P: 1
patch: 0

links

homepage
lintian (0, 1)
buildd: logs, clang, reproducibility
popcon
browse source code
edit tags
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 0.25-5
3 bugs