Changeset 41f721e for xsoft/other
- Timestamp: 04/02/2021 05:54:32 PM (3 years ago)
- Branches: 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children: 9d31900
- Parents: b5bd147
- File: 1 edited
xsoft/other/xdg-utils.xml
rb5bd147 r41f721e 36 36 It is required for Linux Standards Base (LSB) conformance. 37 37 </para> 38 39 <warning> 40 <para> 41 A security vulnerability exists in all versions of 42 <application>xdg-utils</application> from version 1.1.0rc1 when handling 43 mailto: URIs. An attacker could potentially send a victim a URI that 44 automatically attaches a sensitive file to a new email. If a victim user 45 does not notice that an attachment was added and sends the email, this 46 could result in sensitive information disclosure. 47 </para> 48 49 <para> 50 To mitigate this flaw, either do not use mailto links at all, or always 51 double-check in the user interface that there are no unwanted attachments 52 before sending emails, especially when the email originates from clicking 53 on a mailto link. 54 </para> 55 </warning> 38 56 39 57 &lfs101_checked;
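Review bot: The first <para> of the new <warning> (new lines 41-46) gives an open-ended affected range, "all versions ... from version 1.1.0rc1", and cites no advisory identifier or upstream bug report, so a reader cannot later tell whether a given release is still affected. Add a link to the upstream report or advisory next to that sentence, and bound the range once a fixed version exists. In the second <para> (new lines 50-53) the mitigation depends entirely on the user spotting an unwanted attachment; naming which xdg-utils command processes the mailto: URI would tell readers which invocations to be wary of. The wording is also inconsistent between the two paragraphs ("mailto: URIs" in the first, "mailto links" in the second); pick one form and mark it up the same way in both.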