** Description changed:
- This includes part of a CVE security fix; the more important part of the
- CVE is in flatpak but there is some hardening on the xdg-desktop-portal
- side.
+ Impact
+ --
+ This includes part of a CVE security fix; the more important part of the CVE
is in flatpak but there is some hardening on the xdg-desktop-portal side.
https://github.com/flatpak/xdg-desktop-portal/releases/tag/1.18.4
https://github.com/flatpak/xdg-desktop-portal/compare/1.18.3...1.18.4
+
+ Test Plan
+ -
+ Run the tests from
https://wiki.ubuntu.com/DesktopTeam/TestPlans/XdgDesktopPortalGnome
+
+ What Could Go Wrong
+ --
+ xdg-desktop-portal is critical functionality for Snaps and Flatpaks including
providing the file chooser dialogs for both of the only security supported web
browsers in Ubuntu: firefox and chromium (both as snaps)
+
+ xdg-desktop-portal is included in every official Ubuntu desktop flavor
+ as it has become essential functionality for modern desktops. When used
+ by desktops, there is a separate backend package to provide the UI. For
+ Ubuntu Desktop, this is xdg-desktop-portal-gnome. Several other desktops
+ use xdg-desktop-portal-gtk (even Ubuntu Desktop uses it as a dependency
+ of -gnome) but there are other backends that follow the standard naming
+ convention xdg-desktop-portal-*
+
+ xdg-desktop-portal also is used in some apps that are distributed as
+ .deb packages, for instance it is used for the Set as Background feature
+ in the Nautilus file browser.
+
+ Other Info
+ --
+ (none)
** Description changed:
Impact
--
- This includes part of a CVE security fix; the more important part of the CVE
is in flatpak but there is some hardening on the xdg-desktop-portal side.
+ This is a new release in the stable 1.18.x series. It includes part of a CVE
security fix; the more important part of the CVE is in flatpak but there is
some hardening on the xdg-desktop-portal side.
https://github.com/flatpak/xdg-desktop-portal/releases/tag/1.18.4
https://github.com/flatpak/xdg-desktop-portal/compare/1.18.3...1.18.4
Test Plan
-
Run the tests from
https://wiki.ubuntu.com/DesktopTeam/TestPlans/XdgDesktopPortalGnome
What Could Go Wrong
--
xdg-desktop-portal is critical functionality for Snaps and Flatpaks including
providing the file chooser dialogs for both of the only security supported web
browsers in Ubuntu: firefox and chromium (both as snaps)
xdg-desktop-portal is included in every official Ubuntu desktop flavor
as it has become essential functionality for modern desktops. When used
by desktops, there is a separate backend package to provide the UI. For
Ubuntu Desktop, this is xdg-desktop-portal-gnome. Several other desktops
use xdg-desktop-portal-gtk (even Ubuntu Desktop uses it as a dependency
of -gnome) but there are other backends that follow the standard naming
convention xdg-desktop-portal-*
xdg-desktop-portal also is used in some apps that are distributed as
.deb packages, for instance it is used for the Set as Background feature
in the Nautilus file browser.
Other Info
--
(none)
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-32462
** Also affects: xdg-desktop-portal (Ubuntu Noble)
Importance: Undecided
Status: New
** Changed in: xdg-desktop-portal (Ubuntu Noble)
Importance: Undecided => High
** Changed in: xdg-desktop-portal (Ubuntu Noble)
Status: New => In Progress
** Changed in: xdg-desktop-portal (Ubuntu)
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to xdg-desktop-portal in Ubuntu.
https://bugs.launchpad.net/bugs/2062394
Title:
Update xdg-desktop-portal to 1.18.4
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xdg-desktop-portal/+bug/2062394/+subscriptions
--
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
