xdg-utils - Debian Package Tracker

general

source: xdg-utils (main)
version: 1.1.3-4.1
maintainer: Debian freedesktop.org maintainers (archive) (DMD)
uploaders: Nicholas Guriev [DMD]
arch: all
std-ver: 4.5.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.1.1-1+deb9u2
o-o-sec: 1.1.1-1+deb9u1
oldstable: 1.1.3-1+deb10u1
stable: 1.1.3-4.1
testing: 1.1.3-4.1
unstable: 1.1.3-4.1

versioned links

1.1.1-1+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.1.1-1+deb9u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.1.3-1+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.1.3-4.1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

xdg-utils (57 bugs: 0, 41, 16, 0)

action needed

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2020-27748: A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows attachments to be discreetly added via the URI when being passed to Thunderbird. An attacker could potentially send a victim a URI that automatically attaches a sensitive file to a new email. If a victim user does not notice that an attachment was added and sends the email, this could result in sensitive information disclosure. It has been confirmed that the code behind this issue is in xdg-email and not in Thunderbird.

Created: 2021-02-19 Last update: 2021-12-05 06:30

1 security issue in bookworm high

There is 1 open security issue in bookworm.

1 important issue:

CVE-2020-27748: A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows attachments to be discreetly added via the URI when being passed to Thunderbird. An attacker could potentially send a victim a URI that automatically attaches a sensitive file to a new email. If a victim user does not notice that an attachment was added and sends the email, this could result in sensitive information disclosure. It has been confirmed that the code behind this issue is in xdg-email and not in Thunderbird.

Created: 2021-08-15 Last update: 2021-12-05 06:30

7 bugs tagged patch in the BTS normal

The BTS contains patches fixing 7 bugs, consider including or untagging them.

Created: 2021-08-14 Last update: 2022-05-27 05:33

1 low-priority security issue in buster low

There is 1 open security issue in buster.

1 issue left for the package maintainer to handle:

CVE-2020-27748: (postponed; to be fixed through a stable update) A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows attachments to be discreetly added via the URI when being passed to Thunderbird. An attacker could potentially send a victim a URI that automatically attaches a sensitive file to a new email. If a victim user does not notice that an attachment was added and sends the email, this could result in sensitive information disclosure. It has been confirmed that the code behind this issue is in xdg-email and not in Thunderbird.

You can find information about how to handle this issue in the security team's documentation.

Created: 2021-02-19 Last update: 2021-12-05 06:30

1 low-priority security issue in bullseye low

There is 1 open security issue in bullseye.

1 issue left for the package maintainer to handle:

CVE-2020-27748: (postponed; to be fixed through a stable update) A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows attachments to be discreetly added via the URI when being passed to Thunderbird. An attacker could potentially send a victim a URI that automatically attaches a sensitive file to a new email. If a victim user does not notice that an attachment was added and sends the email, this could result in sensitive information disclosure. It has been confirmed that the code behind this issue is in xdg-email and not in Thunderbird.

You can find information about how to handle this issue in the security team's documentation.

Created: 2021-08-14 Last update: 2021-12-05 06:30

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.1 instead of 4.5.1).

Created: 2021-08-18 Last update: 2022-05-11 23:24

news

[rss feed]

[2021-05-04] xdg-utils 1.1.3-4.1 MIGRATED to testing (Debian testing watch)
[2021-04-26] Accepted xdg-utils 1.1.3-4.1 (source) into unstable (Roland Clobus) (signed by: Paul Gevers)
[2021-02-13] xdg-utils 1.1.3-4 MIGRATED to testing (Debian testing watch)
[2021-01-18] Accepted xdg-utils 1.1.3-4 (source) into unstable (Nicholas Guriev) (signed by: Emilio Pozuelo Monfort)
[2021-01-18] Accepted xdg-utils 1.1.3-3 (source) into unstable (Nicholas Guriev) (signed by: Adam Borowski)
[2020-04-26] Accepted xdg-utils 1.1.1-1+deb9u2 (source all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Debian FTP Masters) (signed by: Mattia Rizzolo)
[2020-04-25] Accepted xdg-utils 1.1.3-1+deb10u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Mattia Rizzolo)
[2020-03-19] xdg-utils 1.1.3-2 MIGRATED to testing (Debian testing watch)
[2020-03-14] Accepted xdg-utils 1.1.3-2 (source) into unstable (Nicholas Guriev) (signed by: Adam Borowski)
[2018-05-28] Accepted xdg-utils 1.1.0~rc1+git20111210-7.4+deb8u1 (source all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Nicholas Guriev) (signed by: Luciano Bello)
[2018-05-28] Accepted xdg-utils 1.1.1-1+deb9u1 (source all) into proposed-updates->stable-new, proposed-updates (Nicholas Guriev) (signed by: Luciano Bello)
[2018-05-25] Accepted xdg-utils 1.1.0~rc1+git20111210-7.4+deb8u1 (source all) into oldstable->embargoed, oldstable (Nicholas Guriev) (signed by: Luciano Bello)
[2018-05-25] Accepted xdg-utils 1.1.1-1+deb9u1 (source all) into stable->embargoed, stable (Nicholas Guriev) (signed by: Luciano Bello)
[2018-05-25] xdg-utils 1.1.3-1 MIGRATED to testing (Debian testing watch)
[2018-05-24] Accepted xdg-utils 1.1.0~rc1+git20111210-6+deb7u4 (source all) into oldoldstable (Nicholas Guriev) (signed by: Markus Koschany)
[2018-05-20] Accepted xdg-utils 1.1.3-1 (source) into unstable (Nicholas Guriev) (signed by: Emilio Pozuelo Monfort)
[2018-03-04] xdg-utils 1.1.2-2 MIGRATED to testing (Debian testing watch)
[2018-02-27] Accepted xdg-utils 1.1.2-2 (source) into unstable (Emilio Pozuelo Monfort)
[2017-11-02] xdg-utils 1.1.2-1 MIGRATED to testing (Debian testing watch)
[2017-10-22] Accepted xdg-utils 1.1.2-1 (source) into unstable (Nicholas Guriev) (signed by: Emilio Pozuelo Monfort)
[2015-10-11] xdg-utils 1.1.1-1 MIGRATED to testing (Britney)
[2015-10-05] Accepted xdg-utils 1.1.1-1 (source all) into unstable (Per Olofsson)
[2015-10-04] Accepted xdg-utils 1.1.0-1 (source all) into unstable (Per Olofsson)
[2015-09-28] xdg-utils 1.1.0~rc3+git20150922-1 MIGRATED to testing (Britney)
[2015-09-22] Accepted xdg-utils 1.1.0~rc3+git20150922-1 (source all) into unstable (Per Olofsson)
[2015-09-21] Accepted xdg-utils 1.1.0~rc3+git20150919-1 (source all) into unstable (Per Olofsson)
[2015-09-20] xdg-utils 1.1.0~rc3+git20150907-2 MIGRATED to testing (Britney)
[2015-09-15] Accepted xdg-utils 1.1.0~rc3+git20150907-2 (source all) into unstable (Per Olofsson)
[2015-09-14] xdg-utils 1.1.0~rc3+git20150907-1 MIGRATED to testing (Britney)
[2015-09-08] Accepted xdg-utils 1.1.0~rc3+git20150907-1 (source all) into unstable (Per Olofsson)

bugs [bug history graph]

all: 56 58
RC: 0
I&N: 41 42
M&W: 15 16
F&P: 0
patch: 7

links

homepage
lintian
buildd: logs, clang, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.1.3-4.1ubuntu2
58 bugs (3 patches)
patches for 1.1.3-4.1ubuntu2