Ubuntu
usbview package

usbview.desktop requires su-to-root but usbview doesn't pull package menu as dependency

Bug #1789362 reported by Paulo Marcel Coelho Aragão
18
This bug affects 3 people
Affects Status Importance Assigned to Milestone
usbview (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

/usr/share/applications/usbview.desktop requires su-to-root:

[Desktop Entry]
Name=USBView
Comment=View USB devices attached to system
Exec=su-to-root -X -c /usr/bin/usbview
Icon=usbview
Terminal=false
Type=Application
Keywords=USB;devices;connected;removable;
Categories=GTK;HardwareSettings;Settings;

su-to-root belongs to package menu:

paulo:~$ apt-file search su-to-root
menu: /etc/su-to-rootrc
menu: /usr/bin/su-to-root
menu: /usr/sbin/su-to-root
menu: /usr/share/locale/ar/LC_MESSAGES/su-to-root.mo
menu: /usr/share/locale/bg/LC_MESSAGES/su-to-root.mo
menu: /usr/share/locale/cs/LC_MESSAGES/su-to-root.mo
menu: /usr/share/locale/de/LC_MESSAGES/su-to-root.mo
menu: /usr/share/locale/es/LC_MESSAGES/su-to-root.mo
menu: /usr/share/locale/et/LC_MESSAGES/su-to-root.mo
menu: /usr/share/locale/eu/LC_MESSAGES/su-to-root.mo
menu: /usr/share/locale/fr/LC_MESSAGES/su-to-root.mo
menu: /usr/share/locale/gl/LC_MESSAGES/su-to-root.mo
menu: /usr/share/locale/gu/LC_MESSAGES/su-to-root.mo
menu: /usr/share/locale/hu/LC_MESSAGES/su-to-root.mo
menu: /usr/share/locale/ja/LC_MESSAGES/su-to-root.mo
menu: /usr/share/locale/ko/LC_MESSAGES/su-to-root.mo
menu: /usr/share/locale/lt/LC_MESSAGES/su-to-root.mo
menu: /usr/share/locale/ml/LC_MESSAGES/su-to-root.mo
menu: /usr/share/locale/nb/LC_MESSAGES/su-to-root.mo
menu: /usr/share/locale/pt/LC_MESSAGES/su-to-root.mo
menu: /usr/share/locale/pt_BR/LC_MESSAGES/su-to-root.mo
menu: /usr/share/locale/ro/LC_MESSAGES/su-to-root.mo
menu: /usr/share/locale/ru/LC_MESSAGES/su-to-root.mo
menu: /usr/share/locale/sv/LC_MESSAGES/su-to-root.mo
menu: /usr/share/locale/ta/LC_MESSAGES/su-to-root.mo
menu: /usr/share/locale/th/LC_MESSAGES/su-to-root.mo
menu: /usr/share/locale/uk/LC_MESSAGES/su-to-root.mo
menu: /usr/share/locale/vi/LC_MESSAGES/su-to-root.mo
menu: /usr/share/man/fr/man1/su-to-root.1.gz
menu: /usr/share/man/man1/su-to-root.1.gz

However, package usbview doesn't pull package menu as a dependency:

paulo:~$ apt show usbview
Package: usbview
Version: 2.0-21-g6fe2f4f-1ubuntu1
Priority: optional
Section: universe/x11
Origin: Ubuntu
Maintainer: Ubuntu Developers <email address hidden>
Original-Maintainer: Mark Brown <email address hidden>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 1.229 kB
Depends: libc6 (>= 2.4), libgdk-pixbuf2.0-0 (>= 2.22.0), libglib2.0-0 (>= 2.12.0), libgtk-3-0 (>= 3.0.0)
Suggests: usbutils
Homepage: http://www.kroah.com/linux-usb/
Download-Size: 244 kB
APT-Manual-Installed: yes
APT-Sources: http://archive.ubuntu.com/ubuntu bionic/universe amd64 Packages
Description: USB device viewer
 USBView is a small GTK+ application to show what the device tree of
 the USB bus looks like. It shows a graphical representation of the
 devices that are currently plugged in, showing the topology of the
 USB bus. It also displays information on each individual device on
 the bus.

bug #1327062 is related, although strictly not a duplicate.

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: usbview 2.0-21-g6fe2f4f-1ubuntu1
ProcVersionSignature: Ubuntu 4.15.0-33.36-generic 4.15.18
Uname: Linux 4.15.0-33-generic x86_64
ApportVersion: 2.20.9-0ubuntu7.2
Architecture: amd64
CurrentDesktop: XFCE
Date: Tue Aug 28 03:39:23 2018
InstallationDate: Installed on 2018-04-28 (121 days ago)
InstallationMedia: Xubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180426)
SourcePackage: usbview
UpgradeStatus: No upgrade log present (probably fresh install)

CVE References

Revision history for this message
Paulo Marcel Coelho Aragão (marcelpaulo) wrote :
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in usbview (Ubuntu):
status: New → Confirmed
Revision history for this message
Logan Rosen (logan) wrote :

This bug was fixed in the package usbview - 3.0-3

---------------
usbview (3.0-3) unstable; urgency=medium

  * debian/copyright: use spaces rather than tabs to start continuation lines.
  * Update standards version to 4.6.1, no changes needed.
  * Merge minor fixes until merged upstream:
    - "Add AppStream metadata"
       https://github.com/gregkh/usbview/pull/27
    - "Display correctly when a dark GTK+ theme is used"
       https://github.com/gregkh/usbview/pull/27

 -- Barak A. Pearlmutter <email address hidden> Tue, 04 Oct 2022 13:31:41 +0100

usbview (3.0-2) unstable; urgency=medium

  * Patch to #define PATH_MAX, for GNU/Hurd
  * Fully adopt package, per email from Mark Brown, who maintained this
    package for two decades of USB viewing!

 -- Barak A. Pearlmutter <email address hidden> Tue, 25 Jan 2022 14:17:01 +0000

usbview (3.0-1) unstable; urgency=medium

  * Uscan support
  * New upstream version 2.2 (closes: #341647, #1004138, #1004160)
    - includes 2.0-21-g6fe2f4f-2.1 patches; remove from series
  * Trim trailing whitespace.
  * Bump debhelper from deprecated 9 to 13.
  * Set debhelper-compat version in Build-Depends.
  * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository,
    Repository-Browse.
  * Drop unnecessary dependency on dh-autoreconf.
  * Drop unnecessary dh arguments: --parallel
  * Secure upstream repo URL
  * Update standards version to 4.6.0, no changes needed.
  * Remove deprecated debian/menu file (closes: #565294)
  * Harden
  * Modernize and update debian/copyright
  * Add packaging repo on salsa
  * Upstream has desktop file; remove debian/*.desktop
  * Remove icons from debian/, as upstream has them (closes: #987078)
  * Upstream installs man page; no need to do so in debian/
  * Remove upstreamed security patches
  * New upstream version 3.0
    - does not require any privs, so drop policykit stuff like pkexec
    - quilt patch for issue in upstream .desktop file
  * Track upstream for pkexecectomy
  * Rules do not require root
  * Add self as comaintainer

 -- Barak A. Pearlmutter <email address hidden> Mon, 24 Jan 2022 21:15:29 +0000

usbview (2.0-21-g6fe2f4f-2.1) unstable; urgency=high

  * Non-maintainer upload.
  * Fix authorization for inactive or arbitrary other users (CVE-2022-23220)
  * Pass on the command line parameters to GTK only if not invoked via pkexec

 -- Salvatore Bonaccorso <email address hidden> Sat, 15 Jan 2022 13:42:37 +0100

Changed in usbview (Ubuntu):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.