Your message dated Fri, 04 Oct 2024 23:35:41 +0000
with message-id <[email protected]>
and subject line Bug#1072124: fixed in gnome-shell 47.0-3
has caused the Debian Bug report #1072124,
regarding gnome-shell: CVE-2024-36472
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1072124: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072124
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: gnome-shell
X-Debbugs-CC: [email protected]
Severity: normal
Tags: security
Hi,
The following vulnerability was published for gnome-shell.
CVE-2024-36472[0]:
| In GNOME Shell through 45.7, a portal helper can be launched
| automatically (without user confirmation) based on network responses
| provided by an adversary (e.g., an adversary who controls the local
| Wi-Fi network), and subsequently loads untrusted JavaScript code,
| which may lead to resource consumption or other impacts depending on
| the JavaScript code's behavior.
https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/7688
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-36472
https://www.cve.org/CVERecord?id=CVE-2024-36472
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: gnome-shell
Source-Version: 47.0-3
Done: Jeremy Bícha <[email protected]>
We believe that the bug you reported is fixed in the latest version of
gnome-shell, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jeremy Bícha <[email protected]> (supplier of updated gnome-shell package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 04 Oct 2024 19:14:09 -0400
Source: gnome-shell
Built-For-Profiles: noudeb
Architecture: source
Version: 47.0-3
Distribution: unstable
Urgency: medium
Maintainer: Debian GNOME Maintainers
<[email protected]>
Changed-By: Jeremy Bícha <[email protected]>
Closes: 1060684 1072124 1082297
Launchpad-Bugs-Fixed: 2037055
Changes:
gnome-shell (47.0-3) unstable; urgency=medium
.
* Release to unstable (Closes: #1060684)
.
gnome-shell (47.0-2) experimental; urgency=medium
.
* Update gnome-browser-connector binary package name
* Cherry-pick proposed patch to fix login screen crash if
on-screen keyboard is enabled (Closes: #1082297)
.
gnome-shell (47.0-1) experimental; urgency=medium
.
[ Jeremy Bícha ]
* New upstream release
* Bump minimum mutter and gnome-settings-daemon
.
[ Daniel van Vugt ]
* Add shell-app-Warn-instead-of-crashing-if-disposed-before-sta.patch
to avoid crashing the shell if an app misbehaves coincidentally close
to a garbage collection run (LP: #2037055)
.
gnome-shell (47~rc-3) experimental; urgency=medium
.
* Disable the portal helper popup window and use the notification/browser
method instead. Hardening related to CVE-2024-36472 (Closes: #1072124)
* Drop now unused Depends: gir1.2-webkit-6.0
* Bump minimum gsettings-desktop-schemas
.
gnome-shell (47~rc-1) experimental; urgency=medium
.
[ Jeremy Bícha ]
* New upstream release
* Transitional gnome-shell-extensions-prefs tool is no longer provided
* Build with mutter 47 RC
* Add Build-Depends: pipewire for build tests
* Manpages are built with rst2man instead of a2x
* Refresh patches
.
[ Daniel van Vugt ]
* debian/control: Don't depend on exact versions of gnome-shell-common
.
gnome-shell (47~beta-1) experimental; urgency=medium
.
* New upstream release
* Update tray-offscreen-xwindows patches & move to separate patch topic
* Bump minimum mutter & gsettings-desktop-schemas
Checksums-Sha1:
fb95e92c2fd14346300e53697d6f100e2f5254e1 3729 gnome-shell_47.0-3.dsc
731ffb695f5f04ebf50d8a6209421003669a4c37 50136 gnome-shell_47.0-3.debian.tar.xz
c976a7ab75f3fa400ada373ba7bf5300a15b0786 22176
gnome-shell_47.0-3_source.buildinfo
Checksums-Sha256:
e331d6693a822a42fa73d8c282a0cbbd73e81d65fafd2eee1579f6ff66946510 3729
gnome-shell_47.0-3.dsc
dd924c9844b568dfaec5ddfb627b9a7ab48d10aeeb94919f9ac512b01dfb9291 50136
gnome-shell_47.0-3.debian.tar.xz
d1997503f957c14288ad06bdf7340d94fe358d07fc48ada94ff344554e149154 22176
gnome-shell_47.0-3_source.buildinfo
Files:
450cd735b93e575e762e3325ac6a6a15 3729 gnome optional gnome-shell_47.0-3.dsc
2128261994f779fea88383ca2799c8ce 50136 gnome optional
gnome-shell_47.0-3.debian.tar.xz
9e8e22c5274bb2f8e6fdb7f2bc4f5583 22176 gnome optional
gnome-shell_47.0-3_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEETQvhLw5HdtiqzpaW5mx3Wuv+bH0FAmcAdz8ACgkQ5mx3Wuv+
bH3S1hAAn/yEGOvZea/po4i6sqYBiKTh5OWP/l9QndZ+o8/Ux3i1jC+IzDCKmJ6K
yLC1FAEpp+zjzljpNXMT6GmV5vuKays8L3piOi+ag62YAJgXzER0ekJTcs60Ym7P
n5atR63WDbO41amCYtpxVO66FWfJJ3ZdshnSuDLEEtJj4zIYnwWYQi28v0ebvdmw
mKfNtaEmUqtxqcjwDzusGUAy7Ggog25i1x9WjoXbJ8CeWHDYqp9Gg4fONsoZLLXI
KzXKWnR/qGDKhWeLZAYXBSI+VYaiW0pEltoVYD7+XI3VEsw4+axM0AB2PQqmKC3X
gurdKrmdJGo9ucA/8x+vqgRjKlo/wZiOG19BndAk0xJUkXYegLE4Juj8VlR369Jb
SIO+ZIhENqc/JDT+tlg9x2FS4nXsZD53WKvsG8fKsaFcXf1fwYUk1poCN4jA4uWD
bFjIL3Oj03X1MZB5fyUkOUdrCgx6vVGvP1aZg/u3pS/i8DcCg5y2gFatkJxa9wEX
zwV9mX2zzm/6dtq9fLHaWWoiFzfY2go9NYSNudpNv/EEZPfvtwuAAZvYaLUVHmSX
KWIktWXBofYvtl04gr0PXJ1IoMbYqA5biGVPFHput7jxyeZnRCuOXTiOeBG9OMYL
1HYQpAFvdGwqSlsNbYt1Prg6PHHG2fHFWF233qc4nUW5T/a+LP4=
=QNzj
-----END PGP SIGNATURE-----
pgpLWzjdwMCsE.pgp
Description: PGP signature
--- End Message ---
