it-securitynotifies AT lists.piratenpartei.de
Betreff: Sicherheitsankündigungen
Listenarchiv
- From: Michael Gilbert <mgilbert AT debian.org>
- To: debian-security-announce AT lists.debian.org
- Subject: [IT-SecNots] [SECURITY] [DSA 3131-1] xdg-utils security update
- Date: Sun, 18 Jan 2015 23:22:31 -0500
- List-archive: <https://service.piratenpartei.de/pipermail/it-securitynotifies>
- List-id: Sicherheitsankündigungen <it-securitynotifies.lists.piratenpartei.de>
- Old-return-path: <gilbert AT psidef.org>
- Priority: urgent
- Resent-date: Mon, 19 Jan 2015 04:22:53 +0000 (UTC)
- Resent-from: debian-security-announce AT lists.debian.org
- Resent-message-id: <voxx6fISr3B.A.xHG.daIvUB@bendel>
- Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3131-1 security AT debian.org
http://www.debian.org/security/ Michael Gilbert
January 18, 2015 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : xdg-utils
CVE ID : CVE-2014-9622
Debian Bug : 773085
John Houwer discovered a way to cause xdg-open, a tool that automatically
opens URLs in a user's preferred application, to execute arbitrary
commands remotely.
For the stable distribution (wheezy), this problem has been fixed in
version 1.1.0~rc1+git20111210-6+deb7u2.
For the upcoming stable (jessie) and unstable (sid) distributions,
this problem has been fixed in version 1.1.0~rc1+git20111210-7.3.
We recommend that you upgrade your xdg-utils packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQQcBAEBCgAGBQJUvIOpAAoJELjWss0C1vRzyfIgAL+XQ0ld3B3JXgdPJQQpfdaY
00JPoJhdpOEBxofEiAgkNd7EV2COkmRPO0ekvhxEKavxd9oxUWmNyK9bZ+LaVcDg
OQtAE57gSTF3qFbgOsuPkU0q6eMVPzH+kSxuXBV5962LNKTvdNnnWlri70aB5JLW
rMXdcGkOlh0ozDe5CNz3wZRZGUmbDyRbd29F+BtfAqH7fBtrCBUifwr00A24E6aS
+DIgCSMg5GUuAU3SfTh1xSE3+rfU2uxnTYC1ZdrnJrlBiMIqfitNaE2QOVw8RrAm
PA62BWnbkHJmTHmG0NfAlU5mv3QcaXG9QEny0Plh6QsL1myjkUngH+g/EfdGg845
LNU84A8U19YGfXdWD+dCol11c5mfAPk5NQdtapo9LuP3Hx05MDYVxXCfupbsEV1i
AMHplt7jhnjAsZhgb0RGzgIbi8OEk8rEL+hCiwzzHnmL1RjtHiByhOMFf7ZpbTNA
tF7/cDNchhVaxJ+iKId9JBB0X2FIRrJVfZST6LT3hoCV0nUwjeiTMQTz1Lshs/8Q
EoUfLpJJDemdnk2otXNPGDD4kzJMdpsZx+u77Pm7ZD45LaWuVoROUrk2j4MRwHzK
sI2B+8FA5GKiG1XWRmvTaqm9NZl/N8C2IVmvw1yPDVdSQ0cn90NeJdjcqFt9VV1e
RljXNebLmbE0eLXvhB2ZHPmEy/uedzr2isrLzvejU2NyJKE4qwmc4Xv1o9cxT85J
lh4KOPkOEIgTAsKvywG1bilv5cNLhliEN7CzcFO2AIDIYLz4Txy8WiOHHEIYxTWt
DlhdcXACQ/jpzt8dZh+yMUU33FjsO7fLSb7eaGe0FIx8juZG5gIr0OTg/6eZi+Eb
ruaOCGsKHV0uKBIvID22nDjJnvKsp0fDzKDTz9522ypNQI7k3Krv7I7nM46Y9oN8
n1gVKH0DflS/eZnMDgixUoBHg35pFPSz6FpSAcZRPFxCBU45+K2u0ZZ7Yq1BwEWc
c8c12hVnydyIdNmdqVNIXfcdal+fAZd3ZD9fS53UMQac+RnU5LnLHVaZuyMkITyw
IjJWolZj5JfENaEOEPOkspzm48cu/vp+u4yBnMMy7KyuXGI8y5rQGQIF1/7QJ/SJ
kWVE+qFiI2OPCMQlcyvEZqcaiBqXVrA8kAtH4P0fzz09M806+kb3dqzmxiEUweR7
YaRWSBLir9t6LXRAgAEw1v6oKxwMUWc5ES63QvHultdc4rhB2tFwwuvg0aYXVi3+
HEm7O44WhX5qQgqOUY0N2AJB30i7VNelwLK2Xt3wm/ychcHhkv+otLp17WvBVjA+
6LnJAClnPFm1CLJbpVMi9iebHkw9kJDsN2CZqVs6clSGVYYzIMfogg8969Qona8=
=TI29
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to debian-security-announce-REQUEST AT lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster AT lists.debian.org
Archive: E1YD3rD-0002aQ-2Y AT alpha.psidef.org">https://lists.debian.org/E1YD3rD-0002aQ-2Y AT alpha.psidef.org
- [IT-SecNots] [SECURITY] [DSA 3131-1] xdg-utils security update, Michael Gilbert, 19.01.2015
Archiv bereitgestellt durch MHonArc 2.6.19.