Opened 6 months ago
Closed 6 months ago
#20430 closed enhancement (fixed)
xdg-desktop-portal-0.18.4
| Reported by: | Xi Ruoyao | Owned by: | Douglas R. Reno |
|---|---|---|---|
| Priority: | high | Milestone: | 12.3 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description ¶
New patch version, release in Apr.
Change History (4)
comment:1 by , 6 months ago
| Owner: | changed from to |
|---|---|
| Priority: | normal → high |
| Status: | new → assigned |
comment:2 by , 6 months ago
| Summary: | xdg-desktop-portal-0.18.4 (currency) → xdg-desktop-portal-0.18.4 |
|---|
Currency has been updated.
comment:3 by , 6 months ago
Release notes:
This is a new minor release of xdg-desktop-portal 1.18 series. Users and distributions
are strongly encouraged to update to this version. These are the changes included in
this release:
Don't allow commandline arrays when the first commandline item starts with
whitespace or hyphen. (CVE-2024-32462)
Do not store device access permission if it returned an error.
Fix crash with config files without a default backend set.
Note:
See TracTickets
for help on using tickets.
There is an 8.4/10 CVE fixed in this release. It allows for a sandbox escape via the RequestBackground portal, and several proof of concept exploits exist out in the wild that use GNOME and KDE applications.