Bug#1023732: marked as done (xfce4-settings: CVE-2022-45062: argument injection vulnerability in xfce4-mime-helper)
Your message dated Wed, 07 Dec 2022 19:02:38 + with message-id and subject line

Bug#1023732: fixed in xfce4-settings 4.16.0-1+deb11u1

has caused the Debian Bug report #1023732, regarding xfce4-settings: CVE-2022-45062: argument injection vulnerability in xfce4-mime-helper to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
1023732: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023732
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Source: xfce4-settings
Version: 4.16.3-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team

Hi,

The following vulnerability was published for xfce4-settings.

CVE-2022-45062[0]:
| In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there
| is an argument injection vulnerability in xfce4-mime-helper.

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-45062
    https://www.cve.org/CVERecord?id=CVE-2022-45062
[1] https://gitlab.xfce.org/xfce/xfce4-settings/-/issues/390 (not public)
[2] https://gitlab.xfce.org/xfce/xfce4-settings/-/commit/55e3c5fb667e96ad1412cf249879262b369d28d7 (xfce4-settings-4.16.4)
[3] https://gitlab.xfce.org/xfce/xfce4-settings/-/commit/f34a92a84f96268ad24a7a13fd5edc9f1d526110 (xfce4-settings-4.17.1)

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---

--- Begin Message ---
Source: xfce4-settings
Source-Version: 4.16.0-1+deb11u1
Done: Yves-Alexis Perez

We believe that the bug you reported is fixed in the latest version of xfce4-settings, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1023...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Yves-Alexis Perez (supplier of updated xfce4-settings package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 03 Dec 2022 13:50:21 +0100
Source: xfce4-settings
Architecture: source
Version: 4.16.0-1+deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian Xfce Maintainers
Changed-By: Yves-Alexis Perez
Closes: 1023732
Changes:
 xfce4-settings (4.16.0-1+deb11u1) bullseye-security; urgency=medium
 .
   * d/gbp.conf: follow bullseye-security branch.
     Gbp-dch: ignore
   * d/patches: 0002-mime-settings-Properly-quote-command-parameters added.
     Fix argument injection in xfce4-mime-helper (CVE-2022-45062) (Closes: #1023732)
Bug#917868: xfce4-pulseaudio-plugin: Notifications when volume changes causes plugin to temporarily freeze
I ran into this same problem when my notifications daemon was not loading correctly. That was due to #899377 because I had plasma-workspace installed. It also caused similar stalls with nm-applet. Once I had notifications working (and I verified that with notify-send), I was able to re-enable the "Show notifications when volume changes" and it worked fine. Hope this helps someone, Diego
lightdm_1.32.0-1_source.changes ACCEPTED into experimental
Thank you for your contribution to Debian.

Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 07 Dec 2022 19:02:52 +0100
Source: lightdm
Architecture: source
Version: 1.32.0-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Xfce Maintainers
Changed-By: Yves-Alexis Perez
Closes: 1022849
Changes:
 lightdm (1.32.0-1) experimental; urgency=medium
 .
   [ Debian Janitor ]
   * Remove constraints unnecessary since buster
   * Remove overrides for lintian tags that are no longer supported.
   * Set upstream metadata fields: Contact.
   * Fix field name case in debian/control (Pre-depends => Pre-Depends).
 .
   [ Akbarkhon Variskhanov ]
   * d/watch: Fix URL and pattern
   * debian/control: Update Homepage.
     Thanks to Boyuan Yang for the suggestion (Closes: #1022849)
   * Update upstream metadata
 .
   [ Yves-Alexis Perez ]
   * New upstream version 1.32.0
   * d/patches: rebase against new upstream
   * d/lightdm.install: drop /etc/dbus-1
   * update symbols for new release
   * d/control: update standards version to 4.6.1
Processing of lightdm_1.32.0-1_source.changes
lightdm_1.32.0-1_source.changes uploaded successfully to localhost along with the files: lightdm_1.32.0-1.dsc lightdm_1.32.0.orig.tar.xz lightdm_1.32.0.orig.tar.xz.asc lightdm_1.32.0-1.debian.tar.xz lightdm_1.32.0-1_amd64.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org)
xfce4-settings_4.16.0-1+deb11u1_source.changes ACCEPTED into proposed-updates
Thank you for your contribution to Debian.

Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 03 Dec 2022 13:50:21 +0100
Source: xfce4-settings
Architecture: source
Version: 4.16.0-1+deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian Xfce Maintainers
Changed-By: Yves-Alexis Perez
Closes: 1023732
Changes:
 xfce4-settings (4.16.0-1+deb11u1) bullseye-security; urgency=medium
 .
   * d/gbp.conf: follow bullseye-security branch.
     Gbp-dch: ignore
   * d/patches: 0002-mime-settings-Properly-quote-command-parameters added.
     Fix argument injection in xfce4-mime-helper (CVE-2022-45062) (Closes: #1023732)
Bug#1022849: marked as done (lightdm: Project migrated to new homepage)
Your message dated Wed, 07 Dec 2022 18:21:07 + with message-id and subject line

Bug#1022849: fixed in lightdm 1.32.0-1

has caused the Debian Bug report #1022849, regarding lightdm: Project migrated to new homepage to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
1022849: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022849
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Source: lightdm
Version: 1.26.0-8
Severity: normal
Tags: sid
X-Debbugs-CC: cor...@debian.org unit...@debian.org

Dear Debian lightdm package maintainers,

According to the old homepage https://launchpad.net/lightdm , "This project now managed on GitHub: https://github.com/CanonicalLtd/lightdm ". Please update the homepage information and uscan to the GitHub project.

Besides, I very much doubt the current decision of staying with lightdm/1.26.0. I remember years ago when I requested upgrading lightdm in Debian, someone told me that lightdm 1.26.x is a "stable release" so we should stay with it. Unfortunately it is no longer the case today. As seen in https://discourse.ubuntu.com/t/current-status-of-lightdm/29048/8 , the lightdm upstream is no longer keeping so-called "stable branch". We really should go with the latest release 1.32.0.

Best,
Boyuan Yang
--- End Message ---

--- Begin Message ---
Source: lightdm
Source-Version: 1.32.0-1
Done: Yves-Alexis Perez

We believe that the bug you reported is fixed in the latest version of lightdm, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1022...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Yves-Alexis Perez (supplier of updated lightdm package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 07 Dec 2022 19:02:52 +0100
Source: lightdm
Architecture: source
Version: 1.32.0-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Xfce Maintainers
Changed-By: Yves-Alexis Perez
Closes: 1022849
Changes:
 lightdm (1.32.0-1) experimental; urgency=medium
 .
   [ Debian Janitor ]
   * Remove constraints unnecessary since buster
   * Remove overrides for lintian tags that are no longer supported.
   * Set upstream metadata fields: Contact.
   * Fix field name case in debian/control (Pre-depends => Pre-Depends).
 .
   [ Akbarkhon Variskhanov ]
   * d/watch: Fix URL and pattern
   * debian/control: Update Homepage.
     Thanks to Boyuan Yang for the suggestion (Closes: #1022849)
   * Update upstream metadata
 .
   [ Yves-Alexis Perez ]
   * New upstream version 1.32.0
   * d/patches: rebase against new upstream
   * d/lightdm.install: drop /etc/dbus-1
   * update symbols for new release
   * d/control: update standards version to 4.6.1