Ubuntu
ubuntu-wallpapers package

/usr/share/backgrounds/Water_web_by_Tom_Kijas.jpg has executable permissions set by default.

Bug #1405794 reported by aikiwolfie
260
This bug affects 2 people
Affects Status Importance Assigned to Milestone
ubuntu-wallpapers (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

/usr/share/backgrounds/Water_web_by_Tom_Kijas.jpg has executable permissions set by default. This file is part of the ubuntu-wallpapers-trusty_14.04.0.1-0ubuntu1_all package.

Clearly as a background image/desktop wallpaper this file should not have executable privileges. I have checked the file with ClamTk 5.10 which reports no problems.

I'm flagging this as a security bug because jpg files can be used as an attack vector. But it's likely just a mistake in the packaging of the file.

aikiwolfie (aikiwolfie)
information type: Private Security → Public Security
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in ubuntu-wallpapers (Ubuntu):
status: New → Confirmed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ubuntu-wallpapers - 15.04.0-0ubuntu1

---------------
ubuntu-wallpapers (15.04.0-0ubuntu1) vivid; urgency=medium

  * Remove +x from Water_web_by_Tom_Kijas (LP: #1405794)
  * Import Vivid wallpapers and create package (LP: #1429011)
  * Update default wallpaper, and add 'alternative' official wallpaper.
  * Update copyright file to account for copyright of default wallpaper and
    extend year to 2015.
 -- Iain Lane <email address hidden> Wed, 11 Mar 2015 16:31:56 +0000

Changed in ubuntu-wallpapers (Ubuntu):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.