Please merge 1.1.3-1 from Debian Sid

Bug #1779529 reported by Simon Quigley
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
xdg-utils (Ubuntu)
Fix Released
Wishlist
Simon Quigley

Bug Description

There's a new upstream release available in Debian. Let's merge it.

Changelog entries since the last merge:

xdg-utils (1.1.3-1) unstable; urgency=medium

  * New upstream release.
    - Avoid argument injection vulnerability in open_envvar.
      Fixes CVE-2017-18266, closes: #898317.
  * Remove 01-open-lxqt.patch applied by upstream.
  * Fix word expansion on KDE in xdg-email. Closes: #898999.
  * Bump debhelper and standards version, no modifications for this.

 -- Nicholas Guriev <email address hidden> Sun, 20 May 2018 01:18:48 +0300

xdg-utils (1.1.2-2) unstable; urgency=medium

  * Update Vcs for salsa.debian.org.
  * 01-open-lxqt.patch: Fix support in LXQt, which isn't the same as LXDE.
    Closes: #884436.

 -- Emilio Pozuelo Monfort <email address hidden> Tue, 27 Feb 2018 10:25:43 +0100

CVE References

Revision history for this message
Simon Quigley (tsimonq2) wrote :

Here's a debdiff which, when applied, builds fine on my system.

It's applicable to 1.1.3-1.

Revision history for this message
Gianfranco Costamagna (costamagnagianfranco) wrote :

done.

Revision history for this message
Gianfranco Costamagna (costamagnagianfranco) wrote :

BTW this is candidate for sync, if you can make the last delta go in Debian too...

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package xdg-utils - 1.1.3-1ubuntu1

---------------
xdg-utils (1.1.3-1ubuntu1) cosmic; urgency=low

  * Merge from Debian Sid (LP: #1779529). Remaining changes:
    - Add debian/xdg-utils.links:
      + Symlink /usr/bin/xdg-open to /usr/bin/browse (LP: #1624022)
  * Drop lp779156-lubuntu.diff:
    - Lubuntu no longer uses LXDE and Sylpheed.
  * Drop CVE-2017-18266*.patch:
    - The fixes were applied upstream.
  * Drop proper-lxqt-handling.patch:
    - Proper LXQt support was merged upstream.

xdg-utils (1.1.3-1) unstable; urgency=medium

  * New upstream release.
    - Avoid argument injection vulnerability in open_envvar.
      Fixes CVE-2017-18266, closes: #898317.
  * Remove 01-open-lxqt.patch applied by upstream.
  * Fix word expansion on KDE in xdg-email. Closes: #898999.
  * Bump debhelper and standards version, no modifications for this.

xdg-utils (1.1.2-2) unstable; urgency=medium

  * Update Vcs for salsa.debian.org.
  * 01-open-lxqt.patch: Fix support in LXQt, which isn't the same as LXDE.
    Closes: #884436.

 -- Simon Quigley <email address hidden> Sun, 01 Jul 2018 01:59:06 -0500

Changed in xdg-utils (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.