Your message dated Mon, 3 Jun 2019 23:34:36 +0100
with message-id <[email protected]>
and subject line Re: Bug#928732: CVE-2019-11460
has caused the Debian Bug report #928732,
regarding CVE-2019-11460
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
928732: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928732
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: gnome-desktop3
Severity: important
Tags: security
This was assigned CVE-2019-11460:
https://gitlab.gnome.org/GNOME/gnome-desktop/issues/112
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Version: 3.32.1-1
On Thu, 09 May 2019 at 22:34:53 +0200, Moritz Muehlenhoff wrote:
> This was assigned CVE-2019-11460:
> https://gitlab.gnome.org/GNOME/gnome-desktop/issues/112
This was fixed in 3.32.1, so I believe the bug is already not present
in experimental:
$ git grep TIOCSTI
libgnome-desktop/gnome-desktop-thumbnail-script.c: {SCMP_SYS (ioctl),
&SCMP_A1(SCMP_CMP_MASKED_EQ, 0xFFFFFFFFu, (int)TIOCSTI)},
I'm preparing a backport of the upstream commit to 3.30.x for buster.
(It was in 3.30.2.3, but that version has a lot of Autotools noise
for a one-line change, so it doesn't seem worth following upstream
3.30.x releases unless/until there's a larger important fix.)
On Thu, 09 May 2019 at 23:00:41 +0200, Salvatore Bonaccorso wrote:
> found 928732 3.32.1-1
... or please reopen if you have information to the contrary?
Thanks,
smcv
--- End Message ---
