Unmarking as security as it appears that at worst xdg-mime will simply echo back (part of) the filename and though while confusing and certainly a bug, it does not cross privilege boundaries or cause data loss. Presumably the user will recognize the echoed back text as the filename of the file that was queried. Filed as upstream bug https://bugs.freedesktop.org/show_bug.cgi?id=21018.
** This bug is no longer flagged as a security vulnerability ** Bug watch added: freedesktop.org Bugzilla #21018 https://bugs.freedesktop.org/show_bug.cgi?id=21018 ** Changed in: xdg-utils (Ubuntu) Status: New => Confirmed ** Summary changed: - xdg-utils incorrectly parses output, allowing arbitrary text injection + xdg-utils incorrectly parses output, causing wrong output ** Also affects: xdg-utils via https://bugs.freedesktop.org/show_bug.cgi?id=21018 Importance: Unknown Status: Unknown -- xdg-utils incorrectly parses output, causing wrong output https://bugs.launchpad.net/bugs/335643 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
