thunar: fix CVE-2021-32563 - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Stefan Ghinea <stefan.ghinea@windriver.com>	2021-05-25 21:24:58 +0300
committer	Armin Kuster <akuster808@gmail.com>	2021-06-13 12:35:48 -0700
commit	aca88908fd329f5cef6f19995b072397fb2d8ec6 (patch)
tree	f471abc8707a648f8deb14f175997b7a8548b928 /meta-python/recipes-devtools/python/python3-sqlparse
parent	e9f5cef789014e60d49b66af639bf1191374f5e6 (diff)
download	meta-openembedded-aca88908fd329f5cef6f19995b072397fb2d8ec6.tar.gz

thunar: fix CVE-2021-32563

An issue was discovered in Thunar before 4.16.7 and 4.17.x before 4.17.2. When called with a regular file as a command-line argument, it delegates to a different program (based on the file type) without user confirmation. This could be used to achieve code execution. References: https://nvd.nist.gov/vuln/detail/CVE-2021-32563 Upstream patches: https://gitlab.xfce.org/xfce/thunar/-/commit/9165a61f95e43cc0b5abf9b98eee2818a0191e0b https://gitlab.xfce.org/xfce/thunar/-/commit/3b54d9d7dbd7fd16235e2141c43a7f18718f5664 Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit baa9453d57aa06554c823b5c7bd9c029e1858f89) Signed-off-by: Armin Kuster <akuster808@gmail.com>

Diffstat (limited to 'meta-python/recipes-devtools/python/python3-sqlparse')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: