Debian Package Tracker
Register | Log in
Subscribe

xdg-utils

desktop integration utilities from freedesktop.org

Choose email to subscribe with

general
  • source: xdg-utils (main)
  • version: 1.1.3-4.1
  • maintainer: Debian freedesktop.org maintainers (archive) (DMD)
  • uploaders: Nicholas Guriev [DMD]
  • arch: all
  • std-ver: 4.5.1
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 1.1.1-1+deb9u2
  • o-o-sec: 1.1.1-1+deb9u1
  • oldstable: 1.1.3-1+deb10u1
  • stable: 1.1.3-4.1
  • testing: 1.1.3-4.1
  • unstable: 1.1.3-4.1
versioned links
  • 1.1.1-1+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.1.1-1+deb9u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.1.3-1+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.1.3-4.1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • xdg-utils (57 bugs: 0, 41, 16, 0)
action needed
1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:
  • CVE-2020-27748: A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows attachments to be discreetly added via the URI when being passed to Thunderbird. An attacker could potentially send a victim a URI that automatically attaches a sensitive file to a new email. If a victim user does not notice that an attachment was added and sends the email, this could result in sensitive information disclosure. It has been confirmed that the code behind this issue is in xdg-email and not in Thunderbird.
Created: 2021-02-19 Last update: 2021-12-05 06:30
1 security issue in bookworm high

There is 1 open security issue in bookworm.

1 important issue:
  • CVE-2020-27748: A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows attachments to be discreetly added via the URI when being passed to Thunderbird. An attacker could potentially send a victim a URI that automatically attaches a sensitive file to a new email. If a victim user does not notice that an attachment was added and sends the email, this could result in sensitive information disclosure. It has been confirmed that the code behind this issue is in xdg-email and not in Thunderbird.
Created: 2021-08-15 Last update: 2021-12-05 06:30
7 bugs tagged patch in the BTS normal
The BTS contains patches fixing 7 bugs, consider including or untagging them.
Created: 2021-08-14 Last update: 2022-05-27 05:33
1 low-priority security issue in buster low

There is 1 open security issue in buster.

1 issue left for the package maintainer to handle:
  • CVE-2020-27748: (postponed; to be fixed through a stable update) A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows attachments to be discreetly added via the URI when being passed to Thunderbird. An attacker could potentially send a victim a URI that automatically attaches a sensitive file to a new email. If a victim user does not notice that an attachment was added and sends the email, this could result in sensitive information disclosure. It has been confirmed that the code behind this issue is in xdg-email and not in Thunderbird.

You can find information about how to handle this issue in the security team's documentation.

Created: 2021-02-19 Last update: 2021-12-05 06:30
1 low-priority security issue in bullseye low

There is 1 open security issue in bullseye.

1 issue left for the package maintainer to handle:
  • CVE-2020-27748: (postponed; to be fixed through a stable update) A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows attachments to be discreetly added via the URI when being passed to Thunderbird. An attacker could potentially send a victim a URI that automatically attaches a sensitive file to a new email. If a victim user does not notice that an attachment was added and sends the email, this could result in sensitive information disclosure. It has been confirmed that the code behind this issue is in xdg-email and not in Thunderbird.

You can find information about how to handle this issue in the security team's documentation.

Created: 2021-08-14 Last update: 2021-12-05 06:30
Standards version of the package is outdated. wishlist
The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.1 instead of 4.5.1).
Created: 2021-08-18 Last update: 2022-05-11 23:24
news
[rss feed]
  • [2021-05-04] xdg-utils 1.1.3-4.1 MIGRATED to testing (Debian testing watch)
  • [2021-04-26] Accepted xdg-utils 1.1.3-4.1 (source) into unstable (Roland Clobus) (signed by: Paul Gevers)
  • [2021-02-13] xdg-utils 1.1.3-4 MIGRATED to testing (Debian testing watch)
  • [2021-01-18] Accepted xdg-utils 1.1.3-4 (source) into unstable (Nicholas Guriev) (signed by: Emilio Pozuelo Monfort)
  • [2021-01-18] Accepted xdg-utils 1.1.3-3 (source) into unstable (Nicholas Guriev) (signed by: Adam Borowski)
  • [2020-04-26] Accepted xdg-utils 1.1.1-1+deb9u2 (source all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Debian FTP Masters) (signed by: Mattia Rizzolo)
  • [2020-04-25] Accepted xdg-utils 1.1.3-1+deb10u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Mattia Rizzolo)
  • [2020-03-19] xdg-utils 1.1.3-2 MIGRATED to testing (Debian testing watch)
  • [2020-03-14] Accepted xdg-utils 1.1.3-2 (source) into unstable (Nicholas Guriev) (signed by: Adam Borowski)
  • [2018-05-28] Accepted xdg-utils 1.1.0~rc1+git20111210-7.4+deb8u1 (source all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Nicholas Guriev) (signed by: Luciano Bello)
  • [2018-05-28] Accepted xdg-utils 1.1.1-1+deb9u1 (source all) into proposed-updates->stable-new, proposed-updates (Nicholas Guriev) (signed by: Luciano Bello)
  • [2018-05-25] Accepted xdg-utils 1.1.0~rc1+git20111210-7.4+deb8u1 (source all) into oldstable->embargoed, oldstable (Nicholas Guriev) (signed by: Luciano Bello)
  • [2018-05-25] Accepted xdg-utils 1.1.1-1+deb9u1 (source all) into stable->embargoed, stable (Nicholas Guriev) (signed by: Luciano Bello)
  • [2018-05-25] xdg-utils 1.1.3-1 MIGRATED to testing (Debian testing watch)
  • [2018-05-24] Accepted xdg-utils 1.1.0~rc1+git20111210-6+deb7u4 (source all) into oldoldstable (Nicholas Guriev) (signed by: Markus Koschany)
  • [2018-05-20] Accepted xdg-utils 1.1.3-1 (source) into unstable (Nicholas Guriev) (signed by: Emilio Pozuelo Monfort)
  • [2018-03-04] xdg-utils 1.1.2-2 MIGRATED to testing (Debian testing watch)
  • [2018-02-27] Accepted xdg-utils 1.1.2-2 (source) into unstable (Emilio Pozuelo Monfort)
  • [2017-11-02] xdg-utils 1.1.2-1 MIGRATED to testing (Debian testing watch)
  • [2017-10-22] Accepted xdg-utils 1.1.2-1 (source) into unstable (Nicholas Guriev) (signed by: Emilio Pozuelo Monfort)
  • [2015-10-11] xdg-utils 1.1.1-1 MIGRATED to testing (Britney)
  • [2015-10-05] Accepted xdg-utils 1.1.1-1 (source all) into unstable (Per Olofsson)
  • [2015-10-04] Accepted xdg-utils 1.1.0-1 (source all) into unstable (Per Olofsson)
  • [2015-09-28] xdg-utils 1.1.0~rc3+git20150922-1 MIGRATED to testing (Britney)
  • [2015-09-22] Accepted xdg-utils 1.1.0~rc3+git20150922-1 (source all) into unstable (Per Olofsson)
  • [2015-09-21] Accepted xdg-utils 1.1.0~rc3+git20150919-1 (source all) into unstable (Per Olofsson)
  • [2015-09-20] xdg-utils 1.1.0~rc3+git20150907-2 MIGRATED to testing (Britney)
  • [2015-09-15] Accepted xdg-utils 1.1.0~rc3+git20150907-2 (source all) into unstable (Per Olofsson)
  • [2015-09-14] xdg-utils 1.1.0~rc3+git20150907-1 MIGRATED to testing (Britney)
  • [2015-09-08] Accepted xdg-utils 1.1.0~rc3+git20150907-1 (source all) into unstable (Per Olofsson)
  • 1
  • 2
bugs [bug history graph]
  • all: 56 58
  • RC: 0
  • I&N: 41 42
  • M&W: 15 16
  • F&P: 0
  • patch: 7
links
  • homepage
  • lintian
  • buildd: logs, clang, reproducibility
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • screenshots
  • debci
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 1.1.3-4.1ubuntu2
  • 58 bugs (3 patches)
  • patches for 1.1.3-4.1ubuntu2

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing