Changeset 41f721e for xsoft/other


Timestamp:
04/02/2021 05:54:32 PM (3 years ago)
Author:
Ken Moffat <ken@…>
Branches:
11.0, 11.1, 11.2, 11.3, 12.0, 12.1, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
Children:
9d31900
Parents:
b5bd147
Message:

Security fixes for flac and libssh2.
Also note the unfixed vulnerability in xdg-utils mailto
(thanks to Arch for noticing this).

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@24429 af4574ff-66df-0310-9fd7-8a98e5e911e0

File:
1 edited

  • xsoft/other/xdg-utils.xml

    rb5bd147 r41f721e  
    3636      It is required for Linux Standards Base (LSB) conformance.
    3737    </para>
     38
     39    <warning>
     40      <para>
     41        A security vulnerability exists in all versions of
     42        <application>xdg-utils</application> from version 1.1.0rc1 when handling
     43        mailto: URIs. An attacker could potentially send a victim a URI that
     44        automatically attaches a sensitive file to a new email. If a victim user
     45        does not notice that an attachment was added and sends the email, this
     46        could result in sensitive information disclosure.
     47      </para>
     48
     49      <para>
     50        To mitigate this flaw, either do not use mailto links at all, or always
     51        double-check in the user interface that there are no unwanted attachments
     52        before sending emails, especially when the email originates from clicking
     53        on a mailto link.
     54      </para>
     55    </warning>
    3856
    3957    &lfs101_checked;
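Review bot: the new <warning> (new lines 39-55) never states that the flaw is still unfixed, and it cites no advisory or upstream bug, so a reader cannot tell when the warning stops applying. The commit message calls the vulnerability unfixed; the first <para> should say so and carry a reference that can be checked when a fixed release appears. "all versions of xdg-utils from version 1.1.0rc1" would read more clearly as "version 1.1.0rc1 and all later versions", and "a victim user" can simply be "the user". The mitigation paragraph is sound as written, but it relies entirely on the user noticing the attachment, which is another reason to state up front that no fixed version exists.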