Your message dated Fri, 06 Sep 2024 18:27:03 +0000
with message-id <[email protected]>
and subject line Bug#1072124: fixed in gnome-shell 47~rc-3
has caused the Debian Bug report #1072124,
regarding gnome-shell: CVE-2024-36472
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1072124: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072124
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: gnome-shell
X-Debbugs-CC: [email protected]
Severity: normal
Tags: security
Hi,
The following vulnerability was published for gnome-shell.
CVE-2024-36472[0]:
| In GNOME Shell through 45.7, a portal helper can be launched
| automatically (without user confirmation) based on network responses
| provided by an adversary (e.g., an adversary who controls the local
| Wi-Fi network), and subsequently loads untrusted JavaScript code,
| which may lead to resource consumption or other impacts depending on
| the JavaScript code's behavior.
https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/7688
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-36472
https://www.cve.org/CVERecord?id=CVE-2024-36472
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: gnome-shell
Source-Version: 47~rc-3
Done: Jeremy Bícha <[email protected]>
We believe that the bug you reported is fixed in the latest version of
gnome-shell, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jeremy Bícha <[email protected]> (supplier of updated gnome-shell package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 06 Sep 2024 14:08:52 -0400
Source: gnome-shell
Built-For-Profiles: noudeb
Architecture: source
Version: 47~rc-3
Distribution: experimental
Urgency: medium
Maintainer: Debian GNOME Maintainers
<[email protected]>
Changed-By: Jeremy Bícha <[email protected]>
Closes: 1072124
Changes:
gnome-shell (47~rc-3) experimental; urgency=medium
.
* Disable the portal helper popup window and use the notification/browser
method instead. Hardening related to CVE-2024-36472 (Closes: #1072124)
* Drop now unused Depends: gir1.2-webkit-6.0
* Bump minimum gsettings-desktop-schemas
Checksums-Sha1:
309c5c281b48ef32394720437e03185591fc5634 3754 gnome-shell_47~rc-3.dsc
a32fba050d0f82dc993b6e708eea395c66fc48b4 48684
gnome-shell_47~rc-3.debian.tar.xz
d257dd145d83a6199a132fc937ce86a793cfcb42 21643
gnome-shell_47~rc-3_source.buildinfo
Checksums-Sha256:
5d38a758fb4bfe3b785561a5739678794b5afd6272e1803462f82957290e8a9c 3754
gnome-shell_47~rc-3.dsc
c51b07e13fd3eef33540762353092f779e6fc250a4044a72f7930703e4f4e372 48684
gnome-shell_47~rc-3.debian.tar.xz
b049458f789f07db7e607d8e2dab0f4696c8067b7c0e07ce239e37c40833af97 21643
gnome-shell_47~rc-3_source.buildinfo
Files:
0e755d5c2a662465a2121460b1d45a10 3754 gnome optional gnome-shell_47~rc-3.dsc
8f3a6e670984dcba20e0087ae4fbf5ed 48684 gnome optional
gnome-shell_47~rc-3.debian.tar.xz
f0718aea5b360857e39e91fb50bf0e88 21643 gnome optional
gnome-shell_47~rc-3_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEETQvhLw5HdtiqzpaW5mx3Wuv+bH0FAmbbRboACgkQ5mx3Wuv+
bH1d7RAApV0gUtsThUEwG5umQzxgV/TqrksfcccEQvc7U0M0n0o2yvIXTpkp/hPm
y2fo9kbOvHZxjunF/0C0WMTYLwfEOaWr+iKU/oGx1HJWwgsof1l6MFCscNhgOPu8
6PtnfCr8mUwJCpmPmcWrQD0LDBXJ9+OHSu24RwKZpWzdfzuAtnHqlu5t+90gXPW4
XycZO3v9tIbi5Ve2KRCzc/QkU5LvFhxWyeVuUT0xJQflQgEVVtxdL8Kp5/knlIlP
SP+pnL/ChOLxiCNvVkhk2eiVzAJ8AeVWqy6Dm/KnQlgNv5e2Q5Xzl1OjRr+4A449
FcG8qCP4YJkxlcKFGgzStIzlm0uS9n+BpG0mUsGaZz8IaQxkELNcaGgd2NsZWK9j
NXdSx4mRCOhki925c9JE7h6YBJAfB/tiRNXndvy//UQvsOioDeuwK9n3dFuZkVYL
cAJVMPZQQsRpq9YiPplHnrptBzknlKkb4ZcfN4eQJPvRtN6Yv1AtU0arVrjEYzWq
hnFE604eaFbwiYcNqG7D46OMlzudsWSg3+cz5YFsF6w9Hj4/RM2XbNQUyqIy29zH
wFHPksSeVyN36i/IdKPf9LASgE2IbAn1sEsvWQlGbAO8svzDDklq4V5KS9o26Zpt
m6WQZG6/BmrGww1uAK66o8E+w0iL3rqsDAxQFOi451SpRmsY+ZE=
=pYQy
-----END PGP SIGNATURE-----
pgpU7BNotww5K.pgp
Description: PGP signature
--- End Message ---
