* SECURITY UPDATE: Predictable /tmp path could lead to
denial-of-service/manipulation of data for clockworks applet
(LP: #2044373)
- d/patches/clockwork-tmpxdg.patch: change /tmp path
usage to use XDG_RUNTIME_DIR/HOME user-space locations,
thanks to original author
d/patches/clockwork-tmpxdg-pep8.patch: resolve pep8
package test failure, thanks to original author
- CVE-2023-49342
* SECURITY UPDATE: Predictable /tmp path could lead to
denial-of-service/manipulation of data for dropby applet
(LP: #2044373)
- d/patches Don-t-hard-code-tmp-in-window-shuffler-422.patch cherry-pick
patch to allow the security patch to apply
- d/patches/dropby-tmpxdg.patch: change /tmp path
usage to use XDG_RUNTIME_DIR/HOME user-space locations
d/patches/dropby-tmpxdg-pep8.patch: resolve pep8
package test failure, thanks to original author
- CVE-2023-49343
* SECURITY UPDATE: Predictable /tmp path could lead to
denial-of-service/manipulation of data for shuffler app
(LP: #2044373)
- d/patches/shuffler-tmpxdg.patch: change /tmp path
usage to use XDG_RUNTIME_DIR/HOME user-space locations,
thanks to original author
- CVE-2023-49344
* SECURITY UPDATE: Predictable /tmp path could lead to
denial-of-service/manipulation of data for takeabreak
applet (LP: #2044373)
- d/patches/Don-t-hard-code-tmp-in-takeabreak-422.patch cherry-pick patch
to allow the security patch to apply
- d/patches/takeabreak-tmpxdg.patch: change /tmp path
usage to use XDG_RUNTIME_DIR/HOME user-space locations,
thanks to original author
d/patches/takeabreak-tmpxdg-pep8.patch: resolve pep8
package test failure, thanks to original author
d/patches/takeabreak-tmpxdg-pep8_part2.patch: resolve pep8
package test failure, thanks to original author
- CVE-2023-49345
* SECURITY UPDATE: Predictable /tmp path could lead to
denial-of-service/manipulation of data for weathershow
applet (LP: #2044373)
- d/patches/Don-t-hard-code-tmp-in-weathershow-422.patch cherry-pick patch
to allow the security patch to apply
- d/patches/weathershow-tmpxdg.patch: change /tmp path
usage to use XDG_RUNTIME_DIR/HOME user-space locations,
thanks to original author
- CVE-2023-49346
* SECURITY UPDATE: Predictable /tmp path could lead to
denial-of-service/manipulation of data for window
previews applet (LP: #2044373)
- d/patches Don-t-hard-code-tmp-in-previews-422.patch cherry-pick patch to
allow the security patch to apply
- d/patches/wpreviews-tmpxdg.patch: change /tmp path
usage to use XDG_RUNTIME_DIR/HOME user-space locations,
thanks to original author
- CVE-2023-49347
-- David Mohammed <email address hidden> Tue, 07 Nov 2023 23:29:45 +0000
This bug was fixed in the package budgie-extras - 1.4.0-1ubuntu3.1
---------------
budgie-extras (1.4.0-1ubuntu3.1) jammy-security; urgency=medium
* SECURITY UPDATE: Predictable /tmp path could lead to of-service/ manipulation of data for clockworks applet clockwork- tmpxdg. patch: change /tmp path DIR/HOME user-space locations, patches/ clockwork- tmpxdg- pep8.patch: resolve pep8 of-service/ manipulation of data for dropby applet code-tmp- in-window- shuffler- 422.patch cherry-pick dropby- tmpxdg. patch: change /tmp path DIR/HOME user-space locations patches/ dropby- tmpxdg- pep8.patch: resolve pep8 of-service/ manipulation of data for shuffler app shuffler- tmpxdg. patch: change /tmp path DIR/HOME user-space locations, of-service/ manipulation of data for takeabreak Don-t-hard- code-tmp- in-takeabreak- 422.patch cherry-pick patch takeabreak- tmpxdg. patch: change /tmp path DIR/HOME user-space locations, patches/ takeabreak- tmpxdg- pep8.patch: resolve pep8 patches/ takeabreak- tmpxdg- pep8_part2. patch: resolve pep8 of-service/ manipulation of data for weathershow Don-t-hard- code-tmp- in-weathershow- 422.patch cherry-pick patch weathershow- tmpxdg. patch: change /tmp path DIR/HOME user-space locations, of-service/ manipulation of data for window code-tmp- in-previews- 422.patch cherry-pick patch to wpreviews- tmpxdg. patch: change /tmp path DIR/HOME user-space locations,
denial-
(LP: #2044373)
- d/patches/
usage to use XDG_RUNTIME_
thanks to original author
d/
package test failure, thanks to original author
- CVE-2023-49342
* SECURITY UPDATE: Predictable /tmp path could lead to
denial-
(LP: #2044373)
- d/patches Don-t-hard-
patch to allow the security patch to apply
- d/patches/
usage to use XDG_RUNTIME_
d/
package test failure, thanks to original author
- CVE-2023-49343
* SECURITY UPDATE: Predictable /tmp path could lead to
denial-
(LP: #2044373)
- d/patches/
usage to use XDG_RUNTIME_
thanks to original author
- CVE-2023-49344
* SECURITY UPDATE: Predictable /tmp path could lead to
denial-
applet (LP: #2044373)
- d/patches/
to allow the security patch to apply
- d/patches/
usage to use XDG_RUNTIME_
thanks to original author
d/
package test failure, thanks to original author
d/
package test failure, thanks to original author
- CVE-2023-49345
* SECURITY UPDATE: Predictable /tmp path could lead to
denial-
applet (LP: #2044373)
- d/patches/
to allow the security patch to apply
- d/patches/
usage to use XDG_RUNTIME_
thanks to original author
- CVE-2023-49346
* SECURITY UPDATE: Predictable /tmp path could lead to
denial-
previews applet (LP: #2044373)
- d/patches Don-t-hard-
allow the security patch to apply
- d/patches/
usage to use XDG_RUNTIME_
thanks to original author
- CVE-2023-49347
-- David Mohammed <email address hidden> Tue, 07 Nov 2023 23:29:45 +0000