/usr/share/backgrounds/Water_web_by_Tom_Kijas.jpg has executable permissions set by default.

Bug #1405794 reported by aikiwolfie on 2014-12-26
This bug affects 2 people
Affects Status Importance Assigned to Milestone
ubuntu-wallpapers (Ubuntu)

Bug Description

/usr/share/backgrounds/Water_web_by_Tom_Kijas.jpg has executable permissions set by default. This file is part of the ubuntu-wallpapers-trusty_14.04.0.1-0ubuntu1_all package.

Clearly as a background image/desktop wallpaper this file should not have executable privileges. I have checked the file with ClamTk 5.10 which reports no problems.

I'm flagging this as a security bug because jpg files can be used as an attack vector. But it's likely just a mistake in the packaging of the file.

aikiwolfie (aikiwolfie) on 2014-12-26
information type: Private Security → Public Security
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in ubuntu-wallpapers (Ubuntu):
status: New → Confirmed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ubuntu-wallpapers - 15.04.0-0ubuntu1

ubuntu-wallpapers (15.04.0-0ubuntu1) vivid; urgency=medium

  * Remove +x from Water_web_by_Tom_Kijas (LP: #1405794)
  * Import Vivid wallpapers and create package (LP: #1429011)
  * Update default wallpaper, and add 'alternative' official wallpaper.
  * Update copyright file to account for copyright of default wallpaper and
    extend year to 2015.
 -- Iain Lane <email address hidden> Wed, 11 Mar 2015 16:31:56 +0000

Changed in ubuntu-wallpapers (Ubuntu):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers